efc77d6027f12ed1e3f0c257b7b68c00db1eedbb5dd4a20aa9d2326632a166d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74f161b1bc473af7031aef72c14ba1ac_JaffaCakes118
Size

517KB
Sample

240526-ktm1ladf98
MD5

74f161b1bc473af7031aef72c14ba1ac
SHA1

b5e56d52b44d948625a7f48a905b0e9ddb41595a
SHA256

efc77d6027f12ed1e3f0c257b7b68c00db1eedbb5dd4a20aa9d2326632a166d3
SHA512

0f0b52c8cdf582e63ac3b3ca0240be7653af3c4577a06edadce99c42f8de1367df16567839a246e3e29a4b8a487071dc7f2b08cba1b254e2d9db2a8c034e3e01
SSDEEP

12288:AmUqR5z0FOTC1NXIHfpJYlY/Qy5eEG30LC+MCW1qrQpPt/0KuV:AmUqqOTAXIHfpOcQ6JG30L/MCW1yQpiB

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  74f161b1bc473af7031aef72c14ba1ac_JaffaCakes118
- Size
  
  517KB
- MD5
  
  74f161b1bc473af7031aef72c14ba1ac
- SHA1
  
  b5e56d52b44d948625a7f48a905b0e9ddb41595a
- SHA256
  
  efc77d6027f12ed1e3f0c257b7b68c00db1eedbb5dd4a20aa9d2326632a166d3
- SHA512
  
  0f0b52c8cdf582e63ac3b3ca0240be7653af3c4577a06edadce99c42f8de1367df16567839a246e3e29a4b8a487071dc7f2b08cba1b254e2d9db2a8c034e3e01
- SSDEEP
  
  12288:AmUqR5z0FOTC1NXIHfpJYlY/Qy5eEG30LC+MCW1qrQpPt/0KuV:AmUqqOTAXIHfpOcQ6JG30L/MCW1yQpiB
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2