7c3006d165399ba2cc500f9f431cdc7823ad534a85d83bdfd4177a5d2bf5abec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76b39b832f47393a0827203fbb459c33_JaffaCakes118
Size

231KB
Sample

240526-y14tksbe99
MD5

76b39b832f47393a0827203fbb459c33
SHA1

c4475e36552022397cf89cc9ff5b10620666ae51
SHA256

7c3006d165399ba2cc500f9f431cdc7823ad534a85d83bdfd4177a5d2bf5abec
SHA512

472577a554a7b927231f28b42b2878962d4202def3b088ce3b8d5569eeb5d9856f84cffb841861c45080507a421993014d4b884dac07cfb463dce84aad119d01
SSDEEP

6144:PC3+i8c0XmyT8cW1peyieABxnP6IIEaLKTCf:a3yXmyA5OyieAPPm5KTCf

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  76b39b832f47393a0827203fbb459c33_JaffaCakes118
- Size
  
  231KB
- MD5
  
  76b39b832f47393a0827203fbb459c33
- SHA1
  
  c4475e36552022397cf89cc9ff5b10620666ae51
- SHA256
  
  7c3006d165399ba2cc500f9f431cdc7823ad534a85d83bdfd4177a5d2bf5abec
- SHA512
  
  472577a554a7b927231f28b42b2878962d4202def3b088ce3b8d5569eeb5d9856f84cffb841861c45080507a421993014d4b884dac07cfb463dce84aad119d01
- SSDEEP
  
  6144:PC3+i8c0XmyT8cW1peyieABxnP6IIEaLKTCf:a3yXmyA5OyieAPPm5KTCf
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2