24c5a866f0e318e090430abd9b76a5ba5b07afbccfefee80a670009db8a04f0f | Triage

Sharing

General

Target

ae1c2fa9ee7e4bec38961a9d8e26c999_JaffaCakes118
Size

675KB
Sample

240615-m4bfna1hpr
MD5

ae1c2fa9ee7e4bec38961a9d8e26c999
SHA1

9c60fbf6b7e379acdd6b13f6ffd03400b7b736de
SHA256

24c5a866f0e318e090430abd9b76a5ba5b07afbccfefee80a670009db8a04f0f
SHA512

c3c393f1fe4b8156fc690dac5ca4e6d432ac09abee3604c2b26f9010fdb4b21a315264614e6a787b3341ba80ef8087c47eb1e33d653049d572bc31281c05c06e
SSDEEP

12288:5pPEsv7Q2mJDPBvNb++Pdzjj7Qbdb/XxOGJO9KqyRj334p2nh6w:zPEsvMX1Nnlb7QbFX1J4K5jYp2nh6w

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ae1c2fa9ee7e4bec38961a9d8e26c999_JaffaCakes118
- Size
  
  675KB
- MD5
  
  ae1c2fa9ee7e4bec38961a9d8e26c999
- SHA1
  
  9c60fbf6b7e379acdd6b13f6ffd03400b7b736de
- SHA256
  
  24c5a866f0e318e090430abd9b76a5ba5b07afbccfefee80a670009db8a04f0f
- SHA512
  
  c3c393f1fe4b8156fc690dac5ca4e6d432ac09abee3604c2b26f9010fdb4b21a315264614e6a787b3341ba80ef8087c47eb1e33d653049d572bc31281c05c06e
- SSDEEP
  
  12288:5pPEsv7Q2mJDPBvNb++Pdzjj7Qbdb/XxOGJO9KqyRj334p2nh6w:zPEsvMX1Nnlb7QbFX1J4K5jYp2nh6w
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2