General

  • Target

    a629ba29e62a07d4215d50b3f1f5c649_JaffaCakes118

  • Size

    709KB

  • Sample

    240613-se18nsxhjk

  • MD5

    a629ba29e62a07d4215d50b3f1f5c649

  • SHA1

    59653eb9ec09ceae8c08c463e4de16e02a6a9f76

  • SHA256

    06071515102e89ab886cd84fd148885eba64530087dd34021523807b29f1dbb5

  • SHA512

    79537f11281ed1ce2918944961e9d475b5c46b7c33998532e821e6f18abe1c196403fd2a41f3db878aa03f0c86c358ed03e9e69cffc1274a984927e07d1225d5

  • SSDEEP

    12288:Udk1Dbf27xi6PsmDJyodALFhRfM+JOGnK/FBOjX0nnRn1BjrH8IfV6A:8k1DbHmko6L3y+gVObuRnnrHDV6A

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 1

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3

  • Virtualization/Sandbox Evasion (T1497): 1

  • System Information Discovery (T1082): 3

Tasks