12f20f6a57cc16b2dadc3d8ffde6ea49afed9f74fa1d5c47c82807612cf60c40 | Triage

Sharing

General

Target

a004839511354a4e63abacf4152573ac_JaffaCakes118
Size

671KB
Sample

240612-kam69awbmk
MD5

a004839511354a4e63abacf4152573ac
SHA1

55f3910e40e28f8342ad1302cf2e8a07d3dc4e11
SHA256

12f20f6a57cc16b2dadc3d8ffde6ea49afed9f74fa1d5c47c82807612cf60c40
SHA512

bc36c2fa07cd2e1cb06af81ef6c9049ee88ddd2dcaaa962d56aa73c7d925593bd5ce73f0d88225c820f9277b76fa33d3c2a096039ceef3daee0eaf20f184dca7
SSDEEP

12288:SZJ7G1zskWtP44444ItPZkTKpPwHb/dgusOlMLSTQNirbCfrL6E:qJ7Uzj4yUo7Fdle8WIbCL6E

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  a004839511354a4e63abacf4152573ac_JaffaCakes118
- Size
  
  671KB
- MD5
  
  a004839511354a4e63abacf4152573ac
- SHA1
  
  55f3910e40e28f8342ad1302cf2e8a07d3dc4e11
- SHA256
  
  12f20f6a57cc16b2dadc3d8ffde6ea49afed9f74fa1d5c47c82807612cf60c40
- SHA512
  
  bc36c2fa07cd2e1cb06af81ef6c9049ee88ddd2dcaaa962d56aa73c7d925593bd5ce73f0d88225c820f9277b76fa33d3c2a096039ceef3daee0eaf20f184dca7
- SSDEEP
  
  12288:SZJ7G1zskWtP44444ItPZkTKpPwHb/dgusOlMLSTQNirbCfrL6E:qJ7Uzj4yUo7Fdle8WIbCL6E
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2