148d3e5b00e1572503248b6661cd2adff62e0396d21f4251cfedf2685de366a0 | Triage

Sharing

General

Target

d39139c6e3c60d6cb431bb2250e2d5b4_JaffaCakes118
Size

666KB
Sample

240908-fdm87sxdnp
MD5

d39139c6e3c60d6cb431bb2250e2d5b4
SHA1

3229ee383db52d75fafb855969059e77f97469e8
SHA256

148d3e5b00e1572503248b6661cd2adff62e0396d21f4251cfedf2685de366a0
SHA512

41a09514b2130169bacc4b9507297350e442e31a05a03a669d2a22397aefe5ecc4a37e0b805851133063606e9afe903714bc09630c9607337828db5649ef1189
SSDEEP

12288:5N7njumso2sJSQpDLsyIDcGZSXOsfsn42HeFtjNQqnsI+68:37njXhgQlHGZCs4YW+68

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  d39139c6e3c60d6cb431bb2250e2d5b4_JaffaCakes118
- Size
  
  666KB
- MD5
  
  d39139c6e3c60d6cb431bb2250e2d5b4
- SHA1
  
  3229ee383db52d75fafb855969059e77f97469e8
- SHA256
  
  148d3e5b00e1572503248b6661cd2adff62e0396d21f4251cfedf2685de366a0
- SHA512
  
  41a09514b2130169bacc4b9507297350e442e31a05a03a669d2a22397aefe5ecc4a37e0b805851133063606e9afe903714bc09630c9607337828db5649ef1189
- SSDEEP
  
  12288:5N7njumso2sJSQpDLsyIDcGZSXOsfsn42HeFtjNQqnsI+68:37njXhgQlHGZCs4YW+68
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion