a4e9f83090da94f3e24bc1792c953c62c4cc9f6ee0ba68a5b820349738d005a4 | Triage

Sharing

General

Target

2c55be40df541743683b7be0cdcd31bc_JaffaCakes118
Size

612KB
Sample

240329-zf6ywaaa42
MD5

2c55be40df541743683b7be0cdcd31bc
SHA1

bcecc9ef412126cbda6798e9dcf95cd107b47c53
SHA256

a4e9f83090da94f3e24bc1792c953c62c4cc9f6ee0ba68a5b820349738d005a4
SHA512

5038292a69b4ef206df0227684b704b044a8add66dbdb3d8eebd0997ec63a4f654fca08abed5bcacaad96b98bcb695d294872d661da6a64a5b8cbde1e2154ef6
SSDEEP

12288:MhvdvDzE8O9K9WeEulUeQUHJwp86C5bZfUT:YFQ85geEkPHJwp8x5Vf

Score

7^/10

Malware Config

Targets

- Target
  
  2c55be40df541743683b7be0cdcd31bc_JaffaCakes118
- Size
  
  612KB
- MD5
  
  2c55be40df541743683b7be0cdcd31bc
- SHA1
  
  bcecc9ef412126cbda6798e9dcf95cd107b47c53
- SHA256
  
  a4e9f83090da94f3e24bc1792c953c62c4cc9f6ee0ba68a5b820349738d005a4
- SHA512
  
  5038292a69b4ef206df0227684b704b044a8add66dbdb3d8eebd0997ec63a4f654fca08abed5bcacaad96b98bcb695d294872d661da6a64a5b8cbde1e2154ef6
- SSDEEP
  
  12288:MhvdvDzE8O9K9WeEulUeQUHJwp86C5bZfUT:YFQ85geEkPHJwp8x5Vf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2