113cfec36e54d955520af06f2c44c1dd0f432f8670a11840b765b9133c71e0f4 | Triage

Sharing

General

Target

9359db12d19bdff22f4cd3c8878ef3ab_JaffaCakes118
Size

675KB
Sample

240604-cgr5saac52
MD5

9359db12d19bdff22f4cd3c8878ef3ab
SHA1

96f6eb286175ce842b338cf252e574ea146265bc
SHA256

113cfec36e54d955520af06f2c44c1dd0f432f8670a11840b765b9133c71e0f4
SHA512

73aee7e6d1d794a901b6a0d9bb8e3641bbbc2bc3733b3886470809b14453828396623b535d943556dafc6cd12aec3bed2b89ca71e3c2f2a7b1c29761cedd271e
SSDEEP

12288:vNxt2GCQZwqLIMRBeZHaElEZlBiZGXEtdrIsydYSYjXDwiYhT+63N:1xt2n6IQ2aEiriZUEtqr+ljXUiYF+63N

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  9359db12d19bdff22f4cd3c8878ef3ab_JaffaCakes118
- Size
  
  675KB
- MD5
  
  9359db12d19bdff22f4cd3c8878ef3ab
- SHA1
  
  96f6eb286175ce842b338cf252e574ea146265bc
- SHA256
  
  113cfec36e54d955520af06f2c44c1dd0f432f8670a11840b765b9133c71e0f4
- SHA512
  
  73aee7e6d1d794a901b6a0d9bb8e3641bbbc2bc3733b3886470809b14453828396623b535d943556dafc6cd12aec3bed2b89ca71e3c2f2a7b1c29761cedd271e
- SSDEEP
  
  12288:vNxt2GCQZwqLIMRBeZHaElEZlBiZGXEtdrIsydYSYjXDwiYhT+63N:1xt2n6IQ2aEiriZUEtqr+ljXUiYF+63N
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2