aed5c80888687d4a56970e91eea9f0ca5c47207bc0d0e6fb008f685e9dd3cb6d | Triage

Sharing

General

Target

545cdd57e5e119b57cef1a1554ca50ae_JaffaCakes118
Size

1.2MB
Sample

241018-abpflatgkh
MD5

545cdd57e5e119b57cef1a1554ca50ae
SHA1

dd8586a22b9f6e0e69f82f8c021b139b01362605
SHA256

aed5c80888687d4a56970e91eea9f0ca5c47207bc0d0e6fb008f685e9dd3cb6d
SHA512

cec45745d108e3b4f868ab0666ffba8d7f5885df3cd3def607713c0b0ac82b4c02ab209dd7876b2e3d22c48ee0399b7b0ecad76ba828a8b398f3fda4d1b8cb02
SSDEEP

24576:13WgpCKBhCNFTUKk6l8mPoIyf79Kx9w/qW1Xs+ME:13WgbuzPofMx8j9

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  545cdd57e5e119b57cef1a1554ca50ae_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  545cdd57e5e119b57cef1a1554ca50ae
- SHA1
  
  dd8586a22b9f6e0e69f82f8c021b139b01362605
- SHA256
  
  aed5c80888687d4a56970e91eea9f0ca5c47207bc0d0e6fb008f685e9dd3cb6d
- SHA512
  
  cec45745d108e3b4f868ab0666ffba8d7f5885df3cd3def607713c0b0ac82b4c02ab209dd7876b2e3d22c48ee0399b7b0ecad76ba828a8b398f3fda4d1b8cb02
- SSDEEP
  
  24576:13WgpCKBhCNFTUKk6l8mPoIyf79Kx9w/qW1Xs+ME:13WgbuzPofMx8j9
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion