21a5f9220b588cabed4d86c3204c415fae4cee2ea35a0265adcf556979b81dc9 | Triage

Sharing

General

Target

eab383f02280dc745cf46e859ee7628a_JaffaCakes118
Size

683KB
Sample

240919-gjjnmstdqe
MD5

eab383f02280dc745cf46e859ee7628a
SHA1

9bb8b25a689b8fa707c93db39ff8695f3a1984f9
SHA256

21a5f9220b588cabed4d86c3204c415fae4cee2ea35a0265adcf556979b81dc9
SHA512

2559ebd8e3a6643360f0445ad373c800dbdc3d08a934de2d4a1834b85b49fecf69329cdd35b6b9c6b0f2545a935f21ff3972b136fd973fbc1d20a1fb1c524bbd
SSDEEP

12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6u:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6u

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  eab383f02280dc745cf46e859ee7628a_JaffaCakes118
- Size
  
  683KB
- MD5
  
  eab383f02280dc745cf46e859ee7628a
- SHA1
  
  9bb8b25a689b8fa707c93db39ff8695f3a1984f9
- SHA256
  
  21a5f9220b588cabed4d86c3204c415fae4cee2ea35a0265adcf556979b81dc9
- SHA512
  
  2559ebd8e3a6643360f0445ad373c800dbdc3d08a934de2d4a1834b85b49fecf69329cdd35b6b9c6b0f2545a935f21ff3972b136fd973fbc1d20a1fb1c524bbd
- SSDEEP
  
  12288:apI1ozCEXgFQZ5O4GsLUfia4eiTxMovq6WuPCOlf5+V6u:yI1oz7gFGL/Uqbe6x5Ku6Op5+V6u
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion