5cb57abd17cc200e91158d88fd8ea61e42aa35c44686d5a376b1557db9594331 | Triage

Sharing

General

Target

e83d4360af972e6e71844e24c4f649a1_JaffaCakes118
Size

200KB
Sample

240408-yan1fahg95
MD5

e83d4360af972e6e71844e24c4f649a1
SHA1

fff3d05616dc230cafcfeced58ca845d69ca48dc
SHA256

5cb57abd17cc200e91158d88fd8ea61e42aa35c44686d5a376b1557db9594331
SHA512

4a5e00e2cff98ce05cd097d637739df05eda61866db5e045d327a61ab61d592f86926244f42589729afd54db0350944806a9ed9f4d2527478e4a8221c4910bef
SSDEEP

3072:8XEScz/fT3hbLgYaNYaq1Q6R2w1x0I1src7VgyLYOAhZt:8s7fDhbLgAxR2LqDVJLY/d

Score

7^/10

Malware Config

Targets

- Target
  
  e83d4360af972e6e71844e24c4f649a1_JaffaCakes118
- Size
  
  200KB
- MD5
  
  e83d4360af972e6e71844e24c4f649a1
- SHA1
  
  fff3d05616dc230cafcfeced58ca845d69ca48dc
- SHA256
  
  5cb57abd17cc200e91158d88fd8ea61e42aa35c44686d5a376b1557db9594331
- SHA512
  
  4a5e00e2cff98ce05cd097d637739df05eda61866db5e045d327a61ab61d592f86926244f42589729afd54db0350944806a9ed9f4d2527478e4a8221c4910bef
- SSDEEP
  
  3072:8XEScz/fT3hbLgYaNYaq1Q6R2w1x0I1src7VgyLYOAhZt:8s7fDhbLgAxR2LqDVJLY/d
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2