2b5c023c25af36dcfcf59a6b960065d709ee68e75419473681776561a037dbe7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

179680487558a29bcea4d8e8178a0ca7_JaffaCakes118
Size

220KB
Sample

240505-n9alzshe3z
MD5

179680487558a29bcea4d8e8178a0ca7
SHA1

99038ba9bcfcab13a686de8ab11ed0891c74c3d6
SHA256

2b5c023c25af36dcfcf59a6b960065d709ee68e75419473681776561a037dbe7
SHA512

4ac6fec73e3a540cd81e435111dacd688d40556a80f27989bf338c7935a985e0e28dd855aa4fc8a21ea27a6792e409e643bd3981990252c28fb4284810dad75e
SSDEEP

6144:l1cLTFofH3UorgDHojaUX8j3G4fhMiJ8nnnng1wte39fDyelW0ixs0Jm651kgTOD:l1cLTsxywW3xfqiJ8nnnngaghDJ5ixJK

Score

7^/10

Malware Config

Targets

- Target
  
  179680487558a29bcea4d8e8178a0ca7_JaffaCakes118
- Size
  
  220KB
- MD5
  
  179680487558a29bcea4d8e8178a0ca7
- SHA1
  
  99038ba9bcfcab13a686de8ab11ed0891c74c3d6
- SHA256
  
  2b5c023c25af36dcfcf59a6b960065d709ee68e75419473681776561a037dbe7
- SHA512
  
  4ac6fec73e3a540cd81e435111dacd688d40556a80f27989bf338c7935a985e0e28dd855aa4fc8a21ea27a6792e409e643bd3981990252c28fb4284810dad75e
- SSDEEP
  
  6144:l1cLTFofH3UorgDHojaUX8j3G4fhMiJ8nnnng1wte39fDyelW0ixs0Jm651kgTOD:l1cLTsxywW3xfqiJ8nnnngaghDJ5ixJK
Score

7^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2