05129278c11947b0376f4efbe931c47d84042d7e5618e46b7e8cfeab4637cb70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b59ebdb5ac2413d18608123e3c1c3a01_JaffaCakes118
Size

627KB
Sample

240616-2xel3ascnc
MD5

b59ebdb5ac2413d18608123e3c1c3a01
SHA1

cb08e161d426c6f1145f6fd9713d17b2a80dbbc3
SHA256

05129278c11947b0376f4efbe931c47d84042d7e5618e46b7e8cfeab4637cb70
SHA512

8176b86ca659d6316de665b16f1dbe4847f13b04670208b714a4667e55d4923532dcd0af389ca3af12b2b68a2864619461a41e51c94b2c8e034643a75a2bcfdc
SSDEEP

12288:wI3wFCiaTbvcEr8dTig6fRg4+sXxCzvDgocqOKlGlsN37P:n3wFCic20fRg4+shCBcaGWNLP

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b59ebdb5ac2413d18608123e3c1c3a01_JaffaCakes118
- Size
  
  627KB
- MD5
  
  b59ebdb5ac2413d18608123e3c1c3a01
- SHA1
  
  cb08e161d426c6f1145f6fd9713d17b2a80dbbc3
- SHA256
  
  05129278c11947b0376f4efbe931c47d84042d7e5618e46b7e8cfeab4637cb70
- SHA512
  
  8176b86ca659d6316de665b16f1dbe4847f13b04670208b714a4667e55d4923532dcd0af389ca3af12b2b68a2864619461a41e51c94b2c8e034643a75a2bcfdc
- SSDEEP
  
  12288:wI3wFCiaTbvcEr8dTig6fRg4+sXxCzvDgocqOKlGlsN37P:n3wFCic20fRg4+shCBcaGWNLP
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2