a14bb9fe64112340a2263d9a8990122dabb76c4b3b2c44c322a615a12bf229d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

086d94cc76671c459a82641c71cb9bf9_JaffaCakes118
Size

177KB
Sample

240624-pcp6va1epd
MD5

086d94cc76671c459a82641c71cb9bf9
SHA1

5c861601f608475900eeac5a725c00784e2f6449
SHA256

a14bb9fe64112340a2263d9a8990122dabb76c4b3b2c44c322a615a12bf229d7
SHA512

1e10be78d8f51fc7d9878adf067d67612691505f4080dc79f96b72bcefc0f0b5e23f73a84f333448579386687071c0eb92ac08758978388e13318dae074df1b9
SSDEEP

3072:HsfO8Ww3ILyzqNhOq75B95dQryd1KewWsSi/Sk8uBzfsvDktNq6Hy/diJcYxoutF:MfO8Wa06eOGsj/1REvDE46H4QlxoSF

Score

8^/10

Malware Config

Targets

- Target
  
  086d94cc76671c459a82641c71cb9bf9_JaffaCakes118
- Size
  
  177KB
- MD5
  
  086d94cc76671c459a82641c71cb9bf9
- SHA1
  
  5c861601f608475900eeac5a725c00784e2f6449
- SHA256
  
  a14bb9fe64112340a2263d9a8990122dabb76c4b3b2c44c322a615a12bf229d7
- SHA512
  
  1e10be78d8f51fc7d9878adf067d67612691505f4080dc79f96b72bcefc0f0b5e23f73a84f333448579386687071c0eb92ac08758978388e13318dae074df1b9
- SSDEEP
  
  3072:HsfO8Ww3ILyzqNhOq75B95dQryd1KewWsSi/Sk8uBzfsvDktNq6Hy/diJcYxoutF:MfO8Wa06eOGsj/1REvDE46H4QlxoSF
Score

8^/10
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2