066692cca667e47477e334717126c9c31c651ae87c2479e5fdced1caa89bbdfd | Triage

Sharing

General

Target

77bfb519ef0c47a9e6db5301235117f9_JaffaCakes118
Size

530KB
Sample

240527-dwlrzsfd63
MD5

77bfb519ef0c47a9e6db5301235117f9
SHA1

57cb71cc8b95a12d4d723307c09ab7bf9955ceee
SHA256

066692cca667e47477e334717126c9c31c651ae87c2479e5fdced1caa89bbdfd
SHA512

ac29a0998460f10aaf1ec138ba199597e2e9d91ac2bba93493a3c38ec3a2290337a7c303ba07f3a59f8be47d9a1c9791bcfaebfb7e23ad723043cac3aaf0f0bf
SSDEEP

12288:Tu66hu4yCxJD6TVVvSbpbh4dCoeusTiC3KZUl7NiJwjAdr:T8u4yCEpHdGus+C3KulYwjA5

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  77bfb519ef0c47a9e6db5301235117f9_JaffaCakes118
- Size
  
  530KB
- MD5
  
  77bfb519ef0c47a9e6db5301235117f9
- SHA1
  
  57cb71cc8b95a12d4d723307c09ab7bf9955ceee
- SHA256
  
  066692cca667e47477e334717126c9c31c651ae87c2479e5fdced1caa89bbdfd
- SHA512
  
  ac29a0998460f10aaf1ec138ba199597e2e9d91ac2bba93493a3c38ec3a2290337a7c303ba07f3a59f8be47d9a1c9791bcfaebfb7e23ad723043cac3aaf0f0bf
- SSDEEP
  
  12288:Tu66hu4yCxJD6TVVvSbpbh4dCoeusTiC3KZUl7NiJwjAdr:T8u4yCEpHdGus+C3KulYwjA5
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2