20f64d4fcabd167a60bd8a80043e6315ccf3e43c4d8339a9b1320ddf16b8ec26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abc3e7b021ccabab35931206a45b9f4e_JaffaCakes118
Size

628KB
Sample

240614-2dx93asdpr
MD5

abc3e7b021ccabab35931206a45b9f4e
SHA1

b6751504b009c262deb62f45b5200672fa5a9911
SHA256

20f64d4fcabd167a60bd8a80043e6315ccf3e43c4d8339a9b1320ddf16b8ec26
SHA512

65ffb9c024db7fbeb6b680a1689184d7e259652687f0da9c3d2535b0850b64fb128bb0f8cafb54e3473c13e9e035d85693fb8b71ce818495dc3047f79fd13783
SSDEEP

12288:eL4MO+THTJZVyWW9Xl6nHZDQQXiPYURmjDAOu7Q944dc6ffG:o4MO+Vx+M1OPoO7tGc6fe

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  abc3e7b021ccabab35931206a45b9f4e_JaffaCakes118
- Size
  
  628KB
- MD5
  
  abc3e7b021ccabab35931206a45b9f4e
- SHA1
  
  b6751504b009c262deb62f45b5200672fa5a9911
- SHA256
  
  20f64d4fcabd167a60bd8a80043e6315ccf3e43c4d8339a9b1320ddf16b8ec26
- SHA512
  
  65ffb9c024db7fbeb6b680a1689184d7e259652687f0da9c3d2535b0850b64fb128bb0f8cafb54e3473c13e9e035d85693fb8b71ce818495dc3047f79fd13783
- SSDEEP
  
  12288:eL4MO+THTJZVyWW9Xl6nHZDQQXiPYURmjDAOu7Q944dc6ffG:o4MO+Vx+M1OPoO7tGc6fe
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2