a7992a9e61da1da1909dddddaa4f21bd45759f5132d7c9ae31879484aa735db9 | Triage

Sharing

General

Target

2979a756e2090656beea3e792a6560a1_JaffaCakes118
Size

818KB
Sample

240509-l8tblafb93
MD5

2979a756e2090656beea3e792a6560a1
SHA1

3bf62c920683a163f27dd9092b9746ac07de3420
SHA256

a7992a9e61da1da1909dddddaa4f21bd45759f5132d7c9ae31879484aa735db9
SHA512

149c079c9a561429d2de034ddff649a92c5daaea42e0054984ffba1497072d726592c8fc25f57c9f919c23889ce2cc1bd814016ef0ed13b7a32f26ce50b1fd4c
SSDEEP

12288:F3TD4DnRfwKl+We9Y1/RxSkKi+Qn8ySneg5L7d3WUTjw+3NY+cVE8F+1:dTQuKl+x9YLskj+oAe8r/wkNY+cVr8

Score

8^/10

Malware Config

Targets

- Target
  
  2979a756e2090656beea3e792a6560a1_JaffaCakes118
- Size
  
  818KB
- MD5
  
  2979a756e2090656beea3e792a6560a1
- SHA1
  
  3bf62c920683a163f27dd9092b9746ac07de3420
- SHA256
  
  a7992a9e61da1da1909dddddaa4f21bd45759f5132d7c9ae31879484aa735db9
- SHA512
  
  149c079c9a561429d2de034ddff649a92c5daaea42e0054984ffba1497072d726592c8fc25f57c9f919c23889ce2cc1bd814016ef0ed13b7a32f26ce50b1fd4c
- SSDEEP
  
  12288:F3TD4DnRfwKl+We9Y1/RxSkKi+Qn8ySneg5L7d3WUTjw+3NY+cVE8F+1:dTQuKl+x9YLskj+oAe8r/wkNY+cVr8
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2