130a4b36b97cbc42e2064100f8af7e2b6d0ff951fd4206f7009122e9af5b5fc7 | Triage

Sharing

General

Target

6d66632634e281b46fc5976cde70d7f7_JaffaCakes118
Size

604KB
Sample

240524-fk9e1sec2z
MD5

6d66632634e281b46fc5976cde70d7f7
SHA1

c225a15fb3095cfc6b8f36f724346fba5c342ada
SHA256

130a4b36b97cbc42e2064100f8af7e2b6d0ff951fd4206f7009122e9af5b5fc7
SHA512

705e4281cb58a53f91a3ee11a1e1329d19991cb148357244fc9de445b630d3b0a0897a45f1357d5910fed5f0d00576f551e686fa3173d6a6f0b0cc1abcc33aac
SSDEEP

12288:y5BFm0cy8N2fRe+bIF/px7EWgyaQaR/AkDL6h:eBFm0coGFha+xaRZDL6h

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  6d66632634e281b46fc5976cde70d7f7_JaffaCakes118
- Size
  
  604KB
- MD5
  
  6d66632634e281b46fc5976cde70d7f7
- SHA1
  
  c225a15fb3095cfc6b8f36f724346fba5c342ada
- SHA256
  
  130a4b36b97cbc42e2064100f8af7e2b6d0ff951fd4206f7009122e9af5b5fc7
- SHA512
  
  705e4281cb58a53f91a3ee11a1e1329d19991cb148357244fc9de445b630d3b0a0897a45f1357d5910fed5f0d00576f551e686fa3173d6a6f0b0cc1abcc33aac
- SSDEEP
  
  12288:y5BFm0cy8N2fRe+bIF/px7EWgyaQaR/AkDL6h:eBFm0coGFha+xaRZDL6h
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2