General

  • Target

    6d554a541f196d57f7c6bd54d7786f46_JaffaCakes118

  • Size

    664KB

  • Sample

    240524-e367yadc53

  • MD5

    6d554a541f196d57f7c6bd54d7786f46

  • SHA1

    7dc99f2a9eed1fa82b7f37d9129129bdbd1a0d41

  • SHA256

    2077c0b09c070cb3b79f3ca7a8d092fac922e31ed55fedf62a34df73c601b0cc

  • SHA512

    9aa9c1e30586cc6aa16c158b235c361ba7d64f7e4b551a2462c813a6e8ded4e091923c6c28926b625f3ea028da4c98385538761e257a6d9974d467970620af06

  • SSDEEP

    12288:YTf5y14kK0RuPZf1HW9Yui4IRYK2VO0X9bDIFVhB0ZJE+Xhs165:Wf5yCkqZf129YupJ9O0X9b0FVDqEcC12

Score
9/10

Targets

    • Target

      6d554a541f196d57f7c6bd54d7786f46_JaffaCakes118

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the victim's configured locale).

    • Executes dropped EXE

    • Drops desktop.ini file(s)
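The two registry-based behaviours above (the VirtualBox ACPI lookup and the country-code lookup) are the ones a detection engineer would want to recognise in their own host telemetry. The following Python is an added example and is not part of this sandbox report or its tooling: it scans a constructed Procmon-style CSV export for those registry reads and tags each hit with the technique IDs from the report's ATT&CK matrix. The key paths it matches (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, HKCU\Control Panel\International\Geo\Nation and HKLM\SYSTEM\...\Control\Nls\Language\) and the signature-to-technique mapping are assumptions about what these sandbox signatures match on; the report itself names neither.

```python
"""Flag registry reads matching the anti-VM and geofence behaviours in the
report. Added example, not part of the sandbox report. Input format (Procmon-
style CSV: Time,Process,Operation,Path,Result), key paths and the mapping of
signatures to ATT&CK IDs are assumptions."""
import csv
import io
import re
from collections import defaultdict

# Constructed sample log (not taken from the report). Paths are what a
# VirtualBox ACPI check and a locale/country-code lookup typically touch.
SAMPLE_LOG = "\n".join([
    "Time,Process,Operation,Path,Result",
    r"10:00:01.100,sample.exe,RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__,NAME NOT FOUND",
    r"10:00:01.101,sample.exe,RegOpenKey,HKLM\HARDWARE\ACPI\FADT\VBOX__,NAME NOT FOUND",
    r"10:00:01.102,sample.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS",
    r"10:00:01.103,sample.exe,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage,SUCCESS",
    r"10:00:01.200,explorer.exe,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS",
    r"10:00:01.300,sample.exe,CreateFile,C:\Users\Public\desktop.ini,SUCCESS",
])

# Rule = (signature name as worded in the report, assumed ATT&CK IDs, path regex).
# T1497 appears under both tactics in the report's matrix; assigning T1082 to the
# VirtualBox check and T1012/T1082 to the locale lookup is an assumption.
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     ("T1497", "T1082"),
     re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks computer location settings",
     ("T1012", "T1082"),
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$"
                r"|\\Control\\Nls\\Language\\", re.I)),
]

# Only registry operations are considered; file operations are ignored here.
REGISTRY_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey", "RegEnumValue"}


def scan(log_text):
    """Return {signature: [(process, path, result), ...]} for matching rows.

    The Result column is deliberately not used as a filter: on bare metal the
    VBOX__ key does not exist and the open fails, but the attempt is the signal.
    """
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Operation"] not in REGISTRY_OPS:
            continue
        for name, _ids, pattern in RULES:
            if pattern.search(row["Path"]):
                hits[name].append((row["Process"], row["Path"], row["Result"]))
    return dict(hits)


def attack_ids(hits):
    """Map each matched signature name to its assumed ATT&CK technique IDs."""
    by_name = {name: ids for name, ids, _ in RULES}
    return {name: by_name[name] for name in hits}


def summarize(log_text):
    """One line per matched signature: name, hit count and technique IDs."""
    hits = scan(log_text)
    ids = attack_ids(hits)
    return [f"{name}: {len(rows)} hit(s) {', '.join(ids[name])}"
            for name, rows in sorted(hits.items())]


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
    for name, rows in scan(SAMPLE_LOG).items():
        for proc, path, result in rows:
            print(f"  [{name}] {proc} -> {path} ({result})")
```

Run it as-is to see the two report signatures fire on the constructed log while the explorer.exe read and the desktop.ini file write are ignored. To apply it to real data, export Procmon with only registry events filtered to the process of interest; the regexes are anchored on the key path, so hive aliases (HKLM vs HKEY_LOCAL_MACHINE) do not matter.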

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matched signatures mapped to it.

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 1
  • Subvert Trust Controls (T1553): 1
  • Install Root Certificate (T1553.004): 1
  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3
  • Virtualization/Sandbox Evasion (T1497): 1
  • System Information Discovery (T1082): 3
