248accf1b762c2c1730fc13178a41daec2b2c31fa76b001148271108fa934e1e | Triage

Sharing

General

Target

ffe002418034fcaa61e53dd23e59b7db_JaffaCakes118
Size

417KB
Sample

240421-wwwlasgf86
MD5

ffe002418034fcaa61e53dd23e59b7db
SHA1

614aaaf4a0e5d6fc42c2794f757ed8aa1fabdffc
SHA256

248accf1b762c2c1730fc13178a41daec2b2c31fa76b001148271108fa934e1e
SHA512

7e555ca097c294ac90ffbb1e1b95fad6588c329db6dd3decf2b55d4f0e7da5cd8de94c478a7da85c00ab107bcdca511f7d8e66791e39dd1d8e392570d7b18a24
SSDEEP

6144:faJo//MFlt6jeCUZPQxf5Zwz9bJkNFLWQt:SJ+GuHUZPQxhZEkNFLWQ

Score

7^/10

Malware Config

Targets

- Target
  
  ffe002418034fcaa61e53dd23e59b7db_JaffaCakes118
- Size
  
  417KB
- MD5
  
  ffe002418034fcaa61e53dd23e59b7db
- SHA1
  
  614aaaf4a0e5d6fc42c2794f757ed8aa1fabdffc
- SHA256
  
  248accf1b762c2c1730fc13178a41daec2b2c31fa76b001148271108fa934e1e
- SHA512
  
  7e555ca097c294ac90ffbb1e1b95fad6588c329db6dd3decf2b55d4f0e7da5cd8de94c478a7da85c00ab107bcdca511f7d8e66791e39dd1d8e392570d7b18a24
- SSDEEP
  
  6144:faJo//MFlt6jeCUZPQxf5Zwz9bJkNFLWQt:SJ+GuHUZPQxhZEkNFLWQ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2