1244ae56da3499dbe20c87fbd801b7cf3d6d7d2eb2cb4706175889f0d7586b89 | Triage

Sharing

General

Target

68cf6cfdf44db6798c21b94fea631002_JaffaCakes118
Size

671KB
Sample

240522-127b7sah25
MD5

68cf6cfdf44db6798c21b94fea631002
SHA1

0590351124ba6302825cea75361ec059e966208e
SHA256

1244ae56da3499dbe20c87fbd801b7cf3d6d7d2eb2cb4706175889f0d7586b89
SHA512

fa39c3c90ce0588365d5b3fa4d7a91fbaeb91022425f143b8bb5db7b78345347bd10f487d306c4c355c930a945e53a8c05e06cba28dee78c75faea5d70c65c81
SSDEEP

12288:Bu6qjBVl1tlWoXZGfr/2ER+iQk4dMrv4ZlElGQzIdXi5YqFvPpP42XhJXQ8sKkmj:I6qjnJMXaxiQvdMeElxyyvtm0TsKk0US

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  68cf6cfdf44db6798c21b94fea631002_JaffaCakes118
- Size
  
  671KB
- MD5
  
  68cf6cfdf44db6798c21b94fea631002
- SHA1
  
  0590351124ba6302825cea75361ec059e966208e
- SHA256
  
  1244ae56da3499dbe20c87fbd801b7cf3d6d7d2eb2cb4706175889f0d7586b89
- SHA512
  
  fa39c3c90ce0588365d5b3fa4d7a91fbaeb91022425f143b8bb5db7b78345347bd10f487d306c4c355c930a945e53a8c05e06cba28dee78c75faea5d70c65c81
- SSDEEP
  
  12288:Bu6qjBVl1tlWoXZGfr/2ER+iQk4dMrv4ZlElGQzIdXi5YqFvPpP42XhJXQ8sKkmj:I6qjnJMXaxiQvdMeElxyyvtm0TsKk0US
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2