21085431245383d0d8881409f40daad88e2f1e4abd4e2e77a7aeec46ab91fb85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67919c50f9f8b811c2d9eb868ddf9fff_JaffaCakes118
Size

683KB
Sample

240522-rrnbxaec48
MD5

67919c50f9f8b811c2d9eb868ddf9fff
SHA1

8e819f01506033b942452b52cbc3038335f69b8c
SHA256

21085431245383d0d8881409f40daad88e2f1e4abd4e2e77a7aeec46ab91fb85
SHA512

2ebee6c8706d136f23527612f5094a3fe78ae8f4c834aa83cca90a0e2f2b6a173e710f897f192b7c8fe4775ecefcbf59602b13c20157deaa8b9325952c259cbb
SSDEEP

12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6V:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6V

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  67919c50f9f8b811c2d9eb868ddf9fff_JaffaCakes118
- Size
  
  683KB
- MD5
  
  67919c50f9f8b811c2d9eb868ddf9fff
- SHA1
  
  8e819f01506033b942452b52cbc3038335f69b8c
- SHA256
  
  21085431245383d0d8881409f40daad88e2f1e4abd4e2e77a7aeec46ab91fb85
- SHA512
  
  2ebee6c8706d136f23527612f5094a3fe78ae8f4c834aa83cca90a0e2f2b6a173e710f897f192b7c8fe4775ecefcbf59602b13c20157deaa8b9325952c259cbb
- SSDEEP
  
  12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6V:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6V
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2