General

  • Target

    a620c49e30ef4da3f7a835ac3e3d29f9_JaffaCakes118

  • Size

    671KB

  • Sample

    240613-saavxstcmg

  • MD5

    a620c49e30ef4da3f7a835ac3e3d29f9

  • SHA1

    3c70e01892fae6d76a95435d2bdd3cee6b9d097b

  • SHA256

    2179ad17915311a073bd3e9d8ed4388704c636496afa1b67f3642543e5dae0e5

  • SHA512

    869b3c42557dab5cfa05f29818538657f110491ccdf4622d90a8b8326c15b8832d27ab95d00f4a438d972fce797a851f6e25864baa5cb0d40e5c23230d9384ce

  • SSDEEP

    12288:SZJ7G1zskWtP44444ItPZkTKpPwHb/dgusOlMLSTQNirbCfrL6r:qJ7Uzj4yUo7Fdle8WIbCL6r

Score
9/10

Targets

    • Target
      a620c49e30ef4da3f7a835ac3e3d29f9_JaffaCakes118 (same file as in General above: 671KB, MD5 a620c49e30ef4da3f7a835ac3e3d29f9, score 9/10)

    Signatures
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

      • Virtualization/Sandbox Evasion (T1497): 1 signature

      • Subvert Trust Controls (T1553): 1 signature

      • Install Root Certificate (T1553.004): 1 signature

      • Modify Registry (T1112): 1 signature

  • Discovery

      • Query Registry (T1012): 3 signatures

      • Virtualization/Sandbox Evasion (T1497): 1 signature

      • System Information Discovery (T1082): 3 signatures