14053203870959c77e0a78832375ef02415e4e57157c130b3a849d7a3299191d | Triage

Sharing

General

Target

9f5c706d0fc49650250d096c06616f8a_JaffaCakes118
Size

512KB
Sample

240611-ypp62szbpl
MD5

9f5c706d0fc49650250d096c06616f8a
SHA1

64a3c524004ba32775be51927e349e81960b1c61
SHA256

14053203870959c77e0a78832375ef02415e4e57157c130b3a849d7a3299191d
SHA512

42d653f42d564980a379b97a6da94cfaa46a881f9a68632ff99771af211ad485a31dce66de0cdd1d13302a5a94c7e86fbc1c5254a6f7f5a7425886022cf9ce26
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4R:0+h9OY70z+warul3E4R

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  9f5c706d0fc49650250d096c06616f8a_JaffaCakes118
- Size
  
  512KB
- MD5
  
  9f5c706d0fc49650250d096c06616f8a
- SHA1
  
  64a3c524004ba32775be51927e349e81960b1c61
- SHA256
  
  14053203870959c77e0a78832375ef02415e4e57157c130b3a849d7a3299191d
- SHA512
  
  42d653f42d564980a379b97a6da94cfaa46a881f9a68632ff99771af211ad485a31dce66de0cdd1d13302a5a94c7e86fbc1c5254a6f7f5a7425886022cf9ce26
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4R:0+h9OY70z+warul3E4R
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2