026ade7f00ce4f9c989d2bc9df4eb8b5180969280e4928a62ba26d4101bcc4d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b0755e376c4d4e0c4ad1c4e773bec23_JaffaCakes118
Size

532KB
Sample

240523-qata6abf7t
MD5

6b0755e376c4d4e0c4ad1c4e773bec23
SHA1

854409e2b66050ff7b2d2f245bdb66db20f24da3
SHA256

026ade7f00ce4f9c989d2bc9df4eb8b5180969280e4928a62ba26d4101bcc4d7
SHA512

ced745aca9da17e4073212f10ed1bb87b58c6f4ea3c809b995a5114f796ce9b1599f11f401428732a5a77b291d0b4aa52bbc6f1b640c0035e26d38b017ea18be
SSDEEP

12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww9N:tv2DBCVx5y+3RxDYv9UCxOwwD

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  6b0755e376c4d4e0c4ad1c4e773bec23_JaffaCakes118
- Size
  
  532KB
- MD5
  
  6b0755e376c4d4e0c4ad1c4e773bec23
- SHA1
  
  854409e2b66050ff7b2d2f245bdb66db20f24da3
- SHA256
  
  026ade7f00ce4f9c989d2bc9df4eb8b5180969280e4928a62ba26d4101bcc4d7
- SHA512
  
  ced745aca9da17e4073212f10ed1bb87b58c6f4ea3c809b995a5114f796ce9b1599f11f401428732a5a77b291d0b4aa52bbc6f1b640c0035e26d38b017ea18be
- SSDEEP
  
  12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww9N:tv2DBCVx5y+3RxDYv9UCxOwwD
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2