f5ef293d9f70fbba2d0d54f4f39f4456961a61d3792ecc5f043f40cc67a8ec43 | Triage

Sharing

General

Target

a5e469f1cffc7ba12bfd84f6c03aac85_JaffaCakes118
Size

231KB
Sample

240613-q78gcawbpp
MD5

a5e469f1cffc7ba12bfd84f6c03aac85
SHA1

b69f721ffee76857cef38f0133c1232a172a37c0
SHA256

f5ef293d9f70fbba2d0d54f4f39f4456961a61d3792ecc5f043f40cc67a8ec43
SHA512

1e1034266b0988cfff658401e9e2cc831a02129874d7420a133eb9bd7478afc5e56091ce615fa9a175371bcb766e3e321dbb0f64e18fd990d30c2488ecab7580
SSDEEP

6144:PC3+i8c0XmyT8cW1peyieABxnP6IIEaLKTCf:a3yXmyA5OyieAPPm5KTCf

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  a5e469f1cffc7ba12bfd84f6c03aac85_JaffaCakes118
- Size
  
  231KB
- MD5
  
  a5e469f1cffc7ba12bfd84f6c03aac85
- SHA1
  
  b69f721ffee76857cef38f0133c1232a172a37c0
- SHA256
  
  f5ef293d9f70fbba2d0d54f4f39f4456961a61d3792ecc5f043f40cc67a8ec43
- SHA512
  
  1e1034266b0988cfff658401e9e2cc831a02129874d7420a133eb9bd7478afc5e56091ce615fa9a175371bcb766e3e321dbb0f64e18fd990d30c2488ecab7580
- SSDEEP
  
  6144:PC3+i8c0XmyT8cW1peyieABxnP6IIEaLKTCf:a3yXmyA5OyieAPPm5KTCf
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2