053f3443d6512b66e0331f874c71e0988d7510971651c8998e4064f096b34efc | Triage

Sharing

General

Target

65bc8a4025ccdee879c5f2f53b2aeba8_JaffaCakes118
Size

673KB
Sample

240522-c7rxpshg69
MD5

65bc8a4025ccdee879c5f2f53b2aeba8
SHA1

a3147dfa88428d6c081b028eff857a3609ade200
SHA256

053f3443d6512b66e0331f874c71e0988d7510971651c8998e4064f096b34efc
SHA512

d231d4310c71481d5ae24dd5131a9f4334d2e1cbb353f2f1372bd382b8418ec8aba24b768db72c98086e0bba02c6b91de8571b7f2afa868aaf68850be9dc4cc6
SSDEEP

12288:q5v8XvqRrYvhPi7cTqoRKHgGYcveMTv7AqeLDDuu9YMVFca6a:Cv8XCH7uqHgGY4e0QDD9YMV2a6a

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  65bc8a4025ccdee879c5f2f53b2aeba8_JaffaCakes118
- Size
  
  673KB
- MD5
  
  65bc8a4025ccdee879c5f2f53b2aeba8
- SHA1
  
  a3147dfa88428d6c081b028eff857a3609ade200
- SHA256
  
  053f3443d6512b66e0331f874c71e0988d7510971651c8998e4064f096b34efc
- SHA512
  
  d231d4310c71481d5ae24dd5131a9f4334d2e1cbb353f2f1372bd382b8418ec8aba24b768db72c98086e0bba02c6b91de8571b7f2afa868aaf68850be9dc4cc6
- SSDEEP
  
  12288:q5v8XvqRrYvhPi7cTqoRKHgGYcveMTv7AqeLDDuu9YMVFca6a:Cv8XCH7uqHgGY4e0QDD9YMV2a6a
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2