e38a7a0118d013f822224c96f592d9e29880b206983421f4c37b929b9c0ac65e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e8363a96714253f74e78afec6eff1be6_JaffaCakes118
Size

3.6MB
Sample

240408-x1n8fshd98
MD5

e8363a96714253f74e78afec6eff1be6
SHA1

105299b6a0ff323f40f02dce2c3f601f9d76fa36
SHA256

e38a7a0118d013f822224c96f592d9e29880b206983421f4c37b929b9c0ac65e
SHA512

6961e355c1d0cb73ee442e1a237bb49df58d5df95f8e083b6a58a71256936a1019a3391bc14c4d40f527ed5e7d2b455f8c5985e47c9c54e07359528d8aef103a
SSDEEP

49152:j59RU4zq+svl4W8naLgIZ3OutMeZZW3KYJFWhpoc22URR4231TIQgKO24HYgH1:V9jb6qac43OutMQjMF+VfUh1BgGqYe1

Score

7^/10

Malware Config

Targets

- Target
  
  e8363a96714253f74e78afec6eff1be6_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  e8363a96714253f74e78afec6eff1be6
- SHA1
  
  105299b6a0ff323f40f02dce2c3f601f9d76fa36
- SHA256
  
  e38a7a0118d013f822224c96f592d9e29880b206983421f4c37b929b9c0ac65e
- SHA512
  
  6961e355c1d0cb73ee442e1a237bb49df58d5df95f8e083b6a58a71256936a1019a3391bc14c4d40f527ed5e7d2b455f8c5985e47c9c54e07359528d8aef103a
- SSDEEP
  
  49152:j59RU4zq+svl4W8naLgIZ3OutMeZZW3KYJFWhpoc22URR4231TIQgKO24HYgH1:V9jb6qac43OutMQjMF+VfUh1BgGqYe1
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2