165dde1952dcb956efc42be141092030a5c514090e0599cdd5f1fdcc228846b4 | Triage

Sharing

General

Target

7de3d83cbf88bae1c70ba024e4055f21_JaffaCakes118
Size

532KB
Sample

240528-wref8aee2x
MD5

7de3d83cbf88bae1c70ba024e4055f21
SHA1

a58977d6a3a22175254a694472ec1d6928b281f5
SHA256

165dde1952dcb956efc42be141092030a5c514090e0599cdd5f1fdcc228846b4
SHA512

7280fbc748155522f33a8f931a4cee50e7a9db77c0cffbdcf06ba68e102549bf8a0599e5b9237334d29b1577e161acd4b09f464ad3a36f2b0d0d587efb3053b8
SSDEEP

12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww90:tv2DBCVx5y+3RxDYv9UCxOwwu

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  7de3d83cbf88bae1c70ba024e4055f21_JaffaCakes118
- Size
  
  532KB
- MD5
  
  7de3d83cbf88bae1c70ba024e4055f21
- SHA1
  
  a58977d6a3a22175254a694472ec1d6928b281f5
- SHA256
  
  165dde1952dcb956efc42be141092030a5c514090e0599cdd5f1fdcc228846b4
- SHA512
  
  7280fbc748155522f33a8f931a4cee50e7a9db77c0cffbdcf06ba68e102549bf8a0599e5b9237334d29b1577e161acd4b09f464ad3a36f2b0d0d587efb3053b8
- SSDEEP
  
  12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww90:tv2DBCVx5y+3RxDYv9UCxOwwu
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2