1411e450adad943508ced1a77896cfdcac6b9fec463b5823e471d0445589380a | Triage

Sharing

General

Target

64372f1c9533e75008ef016049d93b92_JaffaCakes118
Size

709KB
Sample

240521-wheevsde3y
MD5

64372f1c9533e75008ef016049d93b92
SHA1

49710666a3dbe4fae5a12095f8471b05605f199c
SHA256

1411e450adad943508ced1a77896cfdcac6b9fec463b5823e471d0445589380a
SHA512

ea4a4105e573728608bb144b1ab16442f43dc8608746858165af5a590edef01f22df0fddc894ec22cac9d8f61a0e8be6a970a8276e57f5fc8ef693d039fb15c8
SSDEEP

12288:Udk1Dbf27xi6PsmDJyodALFhRfM+JOGnK/FBOjX0nnRn1BjrH8IfV6s:8k1DbHmko6L3y+gVObuRnnrHDV6s

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  64372f1c9533e75008ef016049d93b92_JaffaCakes118
- Size
  
  709KB
- MD5
  
  64372f1c9533e75008ef016049d93b92
- SHA1
  
  49710666a3dbe4fae5a12095f8471b05605f199c
- SHA256
  
  1411e450adad943508ced1a77896cfdcac6b9fec463b5823e471d0445589380a
- SHA512
  
  ea4a4105e573728608bb144b1ab16442f43dc8608746858165af5a590edef01f22df0fddc894ec22cac9d8f61a0e8be6a970a8276e57f5fc8ef693d039fb15c8
- SSDEEP
  
  12288:Udk1Dbf27xi6PsmDJyodALFhRfM+JOGnK/FBOjX0nnRn1BjrH8IfV6s:8k1DbHmko6L3y+gVObuRnnrHDV6s
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2