General

  • Target

    a61e79c0500dc02a5762e4454b552f2b_JaffaCakes118

  • Size

    686KB

  • Sample

    240613-r8rewstcjf

  • MD5

    a61e79c0500dc02a5762e4454b552f2b

  • SHA1

    473331ec700097dac496d5a3079001e14970fd84

  • SHA256

    10870181ef698564636ecb7a915110272f80a21e9787628338008ea7b49b041f

  • SHA512

    ef2ccb5dc44320977fda9d2124cfd377619b34eb46340cb00eea4207e451eb0a7e9dce6c9ac1d0bea5a023f533e17633e6c44fcb8f50f7f664659014e33e04da

  • SSDEEP

    12288:AIMPYsTtV0GCssn6K2uX/Wcm38cDESXbUHV6a:FMPYsf0G09pWR38cDEOUHV6a

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

  • T1497 Virtualization/Sandbox Evasion (1)

  • T1553 Subvert Trust Controls (1)

  • T1553.004 Install Root Certificate (1)

  • T1112 Modify Registry (1)

Discovery

  • T1012 Query Registry (3)

  • T1497 Virtualization/Sandbox Evasion (1)

  • T1082 System Information Discovery (3)

Tasks