d2cb09457e7391907fa1e021d6e91bc7b75c33b6eff8c6d9f80ab37ea4da386b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f310193b10d20ef79b23a7fbff297f3_JaffaCakes118
Size

564KB
Sample

241003-r1wdwazhlr
MD5

0f310193b10d20ef79b23a7fbff297f3
SHA1

724a32972f395d23111fecfe6606fb114d9b4012
SHA256

d2cb09457e7391907fa1e021d6e91bc7b75c33b6eff8c6d9f80ab37ea4da386b
SHA512

708fc4e9c535dbb4099c9677d8a34576f0e1f1840d3ae30b28a19fe9be159db61c56912b44d7204da959d88f58d254456445d519cfb76f21ceb7f1208af9d577
SSDEEP

12288:tTHa2Vj4T4rVhPsKjsusDWTAgYRubaQziKiQW4cR:tTHZ4T4hN5M/QzDVUR

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  0f310193b10d20ef79b23a7fbff297f3_JaffaCakes118
- Size
  
  564KB
- MD5
  
  0f310193b10d20ef79b23a7fbff297f3
- SHA1
  
  724a32972f395d23111fecfe6606fb114d9b4012
- SHA256
  
  d2cb09457e7391907fa1e021d6e91bc7b75c33b6eff8c6d9f80ab37ea4da386b
- SHA512
  
  708fc4e9c535dbb4099c9677d8a34576f0e1f1840d3ae30b28a19fe9be159db61c56912b44d7204da959d88f58d254456445d519cfb76f21ceb7f1208af9d577
- SSDEEP
  
  12288:tTHa2Vj4T4rVhPsKjsusDWTAgYRubaQziKiQW4cR:tTHZ4T4hN5M/QzDVUR
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion