0bb2fa611ec01d877fad2e18a29c8436893c5fb08fbe5fa441d50f3248203840 | Triage

Sharing

General

Target

eab7a7fef2ee14848c512ddbd6a51d6a_JaffaCakes118
Size

928KB
Sample

240919-gqs6natfrc
MD5

eab7a7fef2ee14848c512ddbd6a51d6a
SHA1

1da0b346bd4afb0b87dfac5ecf58b3eb6c2e1aa7
SHA256

0bb2fa611ec01d877fad2e18a29c8436893c5fb08fbe5fa441d50f3248203840
SHA512

6f1e5fd5ce909a27b6de2ca7f1178d54af5a5d95dc710c285fad87626d47d8cf2facb2f51001ba2f1647cf612f2a7622de5b1db94f983c974553643a7a858825
SSDEEP

12288:ozGVd4SVkPXaPtEqDYzVfeL81riSpeVGWPKhSEXbYGBX9DQbPGfgn:yCCbOttkzVC4XpeVGWPKpEGr0bOIn

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  eab7a7fef2ee14848c512ddbd6a51d6a_JaffaCakes118
- Size
  
  928KB
- MD5
  
  eab7a7fef2ee14848c512ddbd6a51d6a
- SHA1
  
  1da0b346bd4afb0b87dfac5ecf58b3eb6c2e1aa7
- SHA256
  
  0bb2fa611ec01d877fad2e18a29c8436893c5fb08fbe5fa441d50f3248203840
- SHA512
  
  6f1e5fd5ce909a27b6de2ca7f1178d54af5a5d95dc710c285fad87626d47d8cf2facb2f51001ba2f1647cf612f2a7622de5b1db94f983c974553643a7a858825
- SSDEEP
  
  12288:ozGVd4SVkPXaPtEqDYzVfeL81riSpeVGWPKhSEXbYGBX9DQbPGfgn:yCCbOttkzVC4XpeVGWPKpEGr0bOIn
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion