2373017059d61386f8f3d1b7f4dc5084db31c471d0e3d78bbc0f124b2b67844e | Triage

Sharing

General

Target

81950bd62346edc2012fa1cdb834188c_JaffaCakes118
Size

638KB
Sample

240529-xsjb8sfc36
MD5

81950bd62346edc2012fa1cdb834188c
SHA1

1c0a5bf7aa63b585a2cf8c4e6358a8b2deb5d1ba
SHA256

2373017059d61386f8f3d1b7f4dc5084db31c471d0e3d78bbc0f124b2b67844e
SHA512

f64e505e91b7521784c54f7b60ee5c6a4ccb9a944ab48de2a9ac6ef1e9f4c447b4a9c1a7fcd7bd38ab4ceb049b0a3eb21391b5ed1173d35335a638c636fc08ce
SSDEEP

12288:hmrT/NtMTbIhcvPMLxa8bzzyUoCyhRB2Sjy7Xrxti3rwbX1W38oZ1f6jB3Bs:QrT/Nt3AML1XRykdzltqm8r3f6jB2

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  81950bd62346edc2012fa1cdb834188c_JaffaCakes118
- Size
  
  638KB
- MD5
  
  81950bd62346edc2012fa1cdb834188c
- SHA1
  
  1c0a5bf7aa63b585a2cf8c4e6358a8b2deb5d1ba
- SHA256
  
  2373017059d61386f8f3d1b7f4dc5084db31c471d0e3d78bbc0f124b2b67844e
- SHA512
  
  f64e505e91b7521784c54f7b60ee5c6a4ccb9a944ab48de2a9ac6ef1e9f4c447b4a9c1a7fcd7bd38ab4ceb049b0a3eb21391b5ed1173d35335a638c636fc08ce
- SSDEEP
  
  12288:hmrT/NtMTbIhcvPMLxa8bzzyUoCyhRB2Sjy7Xrxti3rwbX1W38oZ1f6jB3Bs:QrT/Nt3AML1XRykdzltqm8r3f6jB2
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2