13345c9f46ef9f7314288be10b8829444b54e0f820784cf7d7a127e1e756cb26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3f32d49b338689c85b1117696abe4f5_JaffaCakes118
Size

627KB
Sample

240908-kerp8syara
MD5

d3f32d49b338689c85b1117696abe4f5
SHA1

e26295b3984f5da0d7cb3129aae822d192cd1427
SHA256

13345c9f46ef9f7314288be10b8829444b54e0f820784cf7d7a127e1e756cb26
SHA512

54b95e2b01942882268105b5e7cde4cc45ae86220debd9a8e7cc74736d259ade0d5f414262f3eaa3168c3cdc0d2fc73e8d8a8410f6b98638c0f3c7214466244d
SSDEEP

12288:z4WDjPiYTbAcEL4fCu9BJxB37Yu21yQH0SCJKluZpSlYrX2SlmLs1SW37V:EWDjPiJG9bD37J2oQUSCJKBl02SlF1SU

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  d3f32d49b338689c85b1117696abe4f5_JaffaCakes118
- Size
  
  627KB
- MD5
  
  d3f32d49b338689c85b1117696abe4f5
- SHA1
  
  e26295b3984f5da0d7cb3129aae822d192cd1427
- SHA256
  
  13345c9f46ef9f7314288be10b8829444b54e0f820784cf7d7a127e1e756cb26
- SHA512
  
  54b95e2b01942882268105b5e7cde4cc45ae86220debd9a8e7cc74736d259ade0d5f414262f3eaa3168c3cdc0d2fc73e8d8a8410f6b98638c0f3c7214466244d
- SSDEEP
  
  12288:z4WDjPiYTbAcEL4fCu9BJxB37Yu21yQH0SCJKluZpSlYrX2SlmLs1SW37V:EWDjPiJG9bD37J2oQUSCJKBl02SlF1SU
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion