23ba3797ca73c3946d6fd768958941b90edee7ff85a1a0bccb88a2881ec5fd4e | Triage

Sharing

General

Target

8d371ed712462b4be1100fd35723f162_JaffaCakes118
Size

683KB
Sample

240602-hmqrsseb3y
MD5

8d371ed712462b4be1100fd35723f162
SHA1

bd5d3b3ba4d425985078f5152fd3e0e7ea1b162e
SHA256

23ba3797ca73c3946d6fd768958941b90edee7ff85a1a0bccb88a2881ec5fd4e
SHA512

502925a3762178645df05c3bd6c23a49ada40199f74162f5b0860ed2e7fb6aa56877f1d15ea1ccfe4378edb048a1b0e9744a41a652349be586fbd68e902d74f0
SSDEEP

12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6i:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6i

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  8d371ed712462b4be1100fd35723f162_JaffaCakes118
- Size
  
  683KB
- MD5
  
  8d371ed712462b4be1100fd35723f162
- SHA1
  
  bd5d3b3ba4d425985078f5152fd3e0e7ea1b162e
- SHA256
  
  23ba3797ca73c3946d6fd768958941b90edee7ff85a1a0bccb88a2881ec5fd4e
- SHA512
  
  502925a3762178645df05c3bd6c23a49ada40199f74162f5b0860ed2e7fb6aa56877f1d15ea1ccfe4378edb048a1b0e9744a41a652349be586fbd68e902d74f0
- SSDEEP
  
  12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6i:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6i
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2