24ca667a0c08f22c7e635108ca8bc433b3f93f1ac2ebdd31dc75fb4aa3363f0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8c969d023890fdc6d1ef4819e104f17_JaffaCakes118
Size

500KB
Sample

240829-n9sgsszhld
MD5

c8c969d023890fdc6d1ef4819e104f17
SHA1

44fee4f030ae7183c487df86f7ac2aaf04119189
SHA256

24ca667a0c08f22c7e635108ca8bc433b3f93f1ac2ebdd31dc75fb4aa3363f0a
SHA512

fcefc37c9a1cb9425f47f4d7dae639a248dd2367f1febfde7120e3deb53a351abaa26db7c122dc964d6ab95768852e749b7070bb2ac9c1b5c37ad8ddad3ceaf4
SSDEEP

6144:hjDI49RbTu85MLG6Nudm6A4uQ2iMbjNP9KJfnGSgP6YGuR7cINe/4dz5C9F+3+OF:hjDHXe85D6NnNM/ZVuJcIG/Hhk

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  c8c969d023890fdc6d1ef4819e104f17_JaffaCakes118
- Size
  
  500KB
- MD5
  
  c8c969d023890fdc6d1ef4819e104f17
- SHA1
  
  44fee4f030ae7183c487df86f7ac2aaf04119189
- SHA256
  
  24ca667a0c08f22c7e635108ca8bc433b3f93f1ac2ebdd31dc75fb4aa3363f0a
- SHA512
  
  fcefc37c9a1cb9425f47f4d7dae639a248dd2367f1febfde7120e3deb53a351abaa26db7c122dc964d6ab95768852e749b7070bb2ac9c1b5c37ad8ddad3ceaf4
- SSDEEP
  
  6144:hjDI49RbTu85MLG6Nudm6A4uQ2iMbjNP9KJfnGSgP6YGuR7cINe/4dz5C9F+3+OF:hjDHXe85D6NnNM/ZVuJcIG/Hhk
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion