0647b2d9ac2bfb9ae2295277ec30c7b9a232fb8806e943e3664381a251e22848 | Triage

Sharing

General

Target

db5393f6f301e7c29b327f17512ded28_JaffaCakes118
Size

664KB
Sample

240911-2brz9swflj
MD5

db5393f6f301e7c29b327f17512ded28
SHA1

502a56d14ea47d36372698b2b02134d772582caa
SHA256

0647b2d9ac2bfb9ae2295277ec30c7b9a232fb8806e943e3664381a251e22848
SHA512

7bb5fbb6a05e063b8e8a77ad5229654bbb5170879f06d50fe66bb7271f18b74f94ce692b2aa33ddb9e3f30356734b9dbb4af0b4f114d6c516eb11d23c0da8e0e
SSDEEP

12288:0tAl+5h74BeJCZpQcXrRxE4MeN7eLc9tnl1EINSDsgBIJTDKn/uA3cI:QAl+5KbQWVMvA9tlpUQguAn/uA37

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  db5393f6f301e7c29b327f17512ded28_JaffaCakes118
- Size
  
  664KB
- MD5
  
  db5393f6f301e7c29b327f17512ded28
- SHA1
  
  502a56d14ea47d36372698b2b02134d772582caa
- SHA256
  
  0647b2d9ac2bfb9ae2295277ec30c7b9a232fb8806e943e3664381a251e22848
- SHA512
  
  7bb5fbb6a05e063b8e8a77ad5229654bbb5170879f06d50fe66bb7271f18b74f94ce692b2aa33ddb9e3f30356734b9dbb4af0b4f114d6c516eb11d23c0da8e0e
- SSDEEP
  
  12288:0tAl+5h74BeJCZpQcXrRxE4MeN7eLc9tnl1EINSDsgBIJTDKn/uA3cI:QAl+5KbQWVMvA9tlpUQguAn/uA37
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion