130cfed2ed1e99b351f15f72fd947d6b2f13cb9e21bfd5898aae74afa92815af | Triage

Sharing

General

Target

7761ff1ca8fe268862f6dc4a018ab9b5_JaffaCakes118
Size

604KB
Sample

240527-a9nlysbd25
MD5

7761ff1ca8fe268862f6dc4a018ab9b5
SHA1

0c73b3418a49d8b326e6d4620ebecb31ce407a0a
SHA256

130cfed2ed1e99b351f15f72fd947d6b2f13cb9e21bfd5898aae74afa92815af
SHA512

3e42592ea8b9120c40a06c48b3780a27e28edd4b9f8464c5f7d5e6701dc11b6e4caa2345f61eef7729f00a1eada283ab788b84c01f7be35d1b0250432759fd66
SSDEEP

12288:y5BFm0cy8N2fRe+bIF/px7EWgyaQaR/AkDL6E:eBFm0coGFha+xaRZDL6E

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  7761ff1ca8fe268862f6dc4a018ab9b5_JaffaCakes118
- Size
  
  604KB
- MD5
  
  7761ff1ca8fe268862f6dc4a018ab9b5
- SHA1
  
  0c73b3418a49d8b326e6d4620ebecb31ce407a0a
- SHA256
  
  130cfed2ed1e99b351f15f72fd947d6b2f13cb9e21bfd5898aae74afa92815af
- SHA512
  
  3e42592ea8b9120c40a06c48b3780a27e28edd4b9f8464c5f7d5e6701dc11b6e4caa2345f61eef7729f00a1eada283ab788b84c01f7be35d1b0250432759fd66
- SSDEEP
  
  12288:y5BFm0cy8N2fRe+bIF/px7EWgyaQaR/AkDL6E:eBFm0coGFha+xaRZDL6E
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2