419175a9942611ab20596a18dcb2a66e83775587b2bf6571da262b97394343b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94695200083d512733fc3f8f48d8b546_JaffaCakes118
Size

664KB
Sample

240604-lzr26scf5x
MD5

94695200083d512733fc3f8f48d8b546
SHA1

e775f71c2be95845a2093f85b1fad0d2bd7100a5
SHA256

419175a9942611ab20596a18dcb2a66e83775587b2bf6571da262b97394343b4
SHA512

149c9682bc1f4fe6e017cbd4d0f78d2f28d0bca586501d2f4468d465279b56e6e3967677dca6de59ee6006f3cdc074d5d7952b19f16285f4c9480c6a785ab905
SSDEEP

12288:YTf5y14kK0RuPZf1HW9Yui4IRYK2VO0X9bDIFVhB0ZJE+Xhs16C:Wf5yCkqZf129YupJ9O0X9b0FVDqEcC1t

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  94695200083d512733fc3f8f48d8b546_JaffaCakes118
- Size
  
  664KB
- MD5
  
  94695200083d512733fc3f8f48d8b546
- SHA1
  
  e775f71c2be95845a2093f85b1fad0d2bd7100a5
- SHA256
  
  419175a9942611ab20596a18dcb2a66e83775587b2bf6571da262b97394343b4
- SHA512
  
  149c9682bc1f4fe6e017cbd4d0f78d2f28d0bca586501d2f4468d465279b56e6e3967677dca6de59ee6006f3cdc074d5d7952b19f16285f4c9480c6a785ab905
- SSDEEP
  
  12288:YTf5y14kK0RuPZf1HW9Yui4IRYK2VO0X9bDIFVhB0ZJE+Xhs16C:Wf5yCkqZf129YupJ9O0X9b0FVDqEcC1t
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2