11df9067750ae289df23e818ae219cd808c9b194e5d46a8d97734e4e208eb68d | Triage

Sharing

General

Target

b2f5d2b3050ff6cdd4f6ad9d0cf8426e_JaffaCakes118
Size

703KB
Sample

240616-l8jr6azamf
MD5

b2f5d2b3050ff6cdd4f6ad9d0cf8426e
SHA1

480133dcc3dc15f48d4ad0244ec66a541532ffca
SHA256

11df9067750ae289df23e818ae219cd808c9b194e5d46a8d97734e4e208eb68d
SHA512

3c2c93477347fbab43a88a4c2d8d1458b19cc0fff828b96b199f27d3fa1ec64be9c971d31f10ed67fabe749ef0a5837ad25e5941a819241d9c77eb4a966f3fb9
SSDEEP

12288:ovP61XGDZI/TmN2X6N8OlrqPejv3VP66VeGRlHtK+RH2MG63:iP61X3r2U6v+EvVPhVlRDXRHvG63

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b2f5d2b3050ff6cdd4f6ad9d0cf8426e_JaffaCakes118
- Size
  
  703KB
- MD5
  
  b2f5d2b3050ff6cdd4f6ad9d0cf8426e
- SHA1
  
  480133dcc3dc15f48d4ad0244ec66a541532ffca
- SHA256
  
  11df9067750ae289df23e818ae219cd808c9b194e5d46a8d97734e4e208eb68d
- SHA512
  
  3c2c93477347fbab43a88a4c2d8d1458b19cc0fff828b96b199f27d3fa1ec64be9c971d31f10ed67fabe749ef0a5837ad25e5941a819241d9c77eb4a966f3fb9
- SSDEEP
  
  12288:ovP61XGDZI/TmN2X6N8OlrqPejv3VP66VeGRlHtK+RH2MG63:iP61X3r2U6v+EvVPhVlRDXRHvG63
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2