General

  • Target: a6e5741c45f6291a9130f77292b643b1_JaffaCakes118
  • Size: 663KB
  • Sample: 240613-2fc2xashle
  • MD5: a6e5741c45f6291a9130f77292b643b1
  • SHA1: 94a2b0e70dc60b566e21198c51b17fdb6a036ab5
  • SHA256: 2473e41a3986a58a9cc154bffd2a8bd0923ea9f71e87963b943e3c859bfbba44
  • SHA512: 96fb1f57a96eaa4d42b7d760436d730ad90e09c4f0cdac46f1114d163c7fdce1be4abd0574a4dd69dfc866d8d4efb8f5b89f11dcea25fb9b75e775dcf3e66f3d
  • SSDEEP: 12288:uqMEMEMgxYtIEov70s2sft/nUGKitxSBRzUZfj9I8waz6v:pMEMER3/dSz4ZZJz6v

Score: 9/10

Malware Config

Targets

    • a6e5741c45f6291a9130f77292b643b1_JaffaCakes118 (663KB, score 9/10; hashes as listed under General)

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops desktop.ini file(s)
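The two registry-based signatures above (the VirtualBox ACPI lookup and the country-code lookup) are easiest to act on as detection logic over registry-access telemetry. The following is an added example, not code from the report or from the sandbox that produced it. It assumes that the VirtualBox check keys on the HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ keys (present only on a VirtualBox guest) and that the location check reads HKCU\Control Panel\International (Geo\Nation or Locale); both paths are assumptions, since the report does not name the keys. The log lines are constructed, in a Procmon-style CSV shape.

```python
"""Detection logic for two registry-based sandbox signatures, run over sample log lines."""
import csv
import io
import re
from dataclasses import dataclass

# ASSUMPTION (the report does not name the keys): the VirtualBox fingerprint
# behind "Identifies VirtualBox via ACPI registry values" is a lookup of the
# HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ keys, which exist only on a
# VirtualBox guest. Querying them is the signal, whether or not they exist.
VBOX_ACPI_RE = re.compile(r"HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# ASSUMPTION: "Checks computer location settings" corresponds to reading the
# configured country/locale under HKCU\Control Panel\International.
GEO_RE = re.compile(r"HKCU\\Control Panel\\International\\(Geo\\Nation|Locale)", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    line_no: int
    process: str
    signature: str
    key: str


# Constructed sample log (not from the report), Procmon-style CSV:
# time, process, operation, registry path, result.
SAMPLE_LOG = r'''
"12:00:01.100","sample.exe","RegOpenKey","HKLM\HARDWARE\ACPI\DSDT\VBOX__","NAME NOT FOUND"
"12:00:01.101","sample.exe","RegOpenKey","HKLM\HARDWARE\ACPI\FADT\VBOX__","NAME NOT FOUND"
"12:00:01.140","sample.exe","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS"
"12:00:01.200","explorer.exe","RegQueryValue","HKCU\Control Panel\International\Locale","SUCCESS"
"12:00:02.000","sample.exe","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS"
'''.strip()


def scan_registry_log(log_text: str) -> list[Hit]:
    """Return one Hit per log line whose registry path matches a signature."""
    hits: list[Hit] = []
    for line_no, row in enumerate(csv.reader(io.StringIO(log_text)), start=1):
        if len(row) < 5:
            continue  # blank or malformed line
        _time, process, _operation, path, _result = row[:5]
        if VBOX_ACPI_RE.search(path):
            hits.append(Hit(line_no, process, "vbox_acpi_anti_vm", path))
        elif GEO_RE.search(path):
            hits.append(Hit(line_no, process, "geofence_country_lookup", path))
    return hits


def signatures_by_process(hits: list[Hit]) -> dict[str, set[str]]:
    """Group the distinct signature names by the process that triggered them."""
    out: dict[str, set[str]] = {}
    for h in hits:
        out.setdefault(h.process, set()).add(h.signature)
    return out


def suspicious_processes(hits: list[Hit], min_signatures: int = 2) -> list[str]:
    """Processes that triggered at least min_signatures distinct signatures.

    A lone locale lookup is ordinary Windows noise (explorer.exe does it), so
    one signature is weak evidence; the anti-VM probe and the geo lookup from
    the same process together are the combination worth escalating.
    """
    return sorted(p for p, sigs in signatures_by_process(hits).items()
                  if len(sigs) >= min_signatures)


if __name__ == "__main__":
    found = scan_registry_log(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.process} -> {h.signature} ({h.key})")
    print("suspicious:", suspicious_processes(found))
```

Note that the VBOX__ lookups in the sample return NAME NOT FOUND: on bare metal or a non-VirtualBox hypervisor the keys do not exist, and a sample that probes them is still announcing an anti-VM check. Match on the queried path, not on the result.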

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic            Technique                         ID          Count
Defense Evasion   Virtualization/Sandbox Evasion    T1497       1
Defense Evasion   Subvert Trust Controls            T1553       1
Defense Evasion   Install Root Certificate          T1553.004   1
Defense Evasion   Modify Registry                   T1112       1
Discovery         Query Registry                    T1012       3
Discovery         Virtualization/Sandbox Evasion    T1497       1
Discovery         System Information Discovery      T1082       3

Tasks