20c6201b61e8f23d82c9a43dcee136efaa410a2940e259b59b71f9934951c33d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddaac9e5b077a8f58b116e6e1881ba4e_JaffaCakes118
Size

563KB
Sample

240913-e1nmtatgpm
MD5

ddaac9e5b077a8f58b116e6e1881ba4e
SHA1

29b31e67c2404f206967c40816e154339c2e0282
SHA256

20c6201b61e8f23d82c9a43dcee136efaa410a2940e259b59b71f9934951c33d
SHA512

5f71598c6a13c6760eb1937e7af553bd5c7bcd1df360e03eb255bb886befc74bb32af259bbd1dade8e36351369b8567b0ba64792f32b8a53ec054e1fb4030b37
SSDEEP

12288:4HL34qssnTUvqjw3AvmYsOa3OX9dLe18z8es1/qOzGncR5Wj2:ML34unT6A4ONkT3Sqyc82

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  ddaac9e5b077a8f58b116e6e1881ba4e_JaffaCakes118
- Size
  
  563KB
- MD5
  
  ddaac9e5b077a8f58b116e6e1881ba4e
- SHA1
  
  29b31e67c2404f206967c40816e154339c2e0282
- SHA256
  
  20c6201b61e8f23d82c9a43dcee136efaa410a2940e259b59b71f9934951c33d
- SHA512
  
  5f71598c6a13c6760eb1937e7af553bd5c7bcd1df360e03eb255bb886befc74bb32af259bbd1dade8e36351369b8567b0ba64792f32b8a53ec054e1fb4030b37
- SSDEEP
  
  12288:4HL34qssnTUvqjw3AvmYsOa3OX9dLe18z8es1/qOzGncR5Wj2:ML34unT6A4ONkT3Sqyc82
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion