ce23c2cf4d6bb1fced1f853415decaecedc9d375b98a4c0de85c8cf3a7cc139c | Triage

Sharing

General

Target

249a0a3a9754d9135d82fef8e484bb82_JaffaCakes118
Size

32KB
Sample

240704-ewcdzswdjg
MD5

249a0a3a9754d9135d82fef8e484bb82
SHA1

fa7606c6e6c6207fe64f792234b6531fd056a066
SHA256

ce23c2cf4d6bb1fced1f853415decaecedc9d375b98a4c0de85c8cf3a7cc139c
SHA512

f420a5969035c52fda884849749f33eb35547f17cd7525e1872270cbfae3434598a0788b778e9c227ddb93b9d6199718f9240278323b330d4f96939faa00d7ca
SSDEEP

384:tWNtx2tdRBOmtqKQq1UW1+jUN/PwyL7rmMBQEQDdim5LtCYPHYqzN50gYPkZo:tWN2tjrtks9tQpimJ74qix

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  249a0a3a9754d9135d82fef8e484bb82_JaffaCakes118
- Size
  
  32KB
- MD5
  
  249a0a3a9754d9135d82fef8e484bb82
- SHA1
  
  fa7606c6e6c6207fe64f792234b6531fd056a066
- SHA256
  
  ce23c2cf4d6bb1fced1f853415decaecedc9d375b98a4c0de85c8cf3a7cc139c
- SHA512
  
  f420a5969035c52fda884849749f33eb35547f17cd7525e1872270cbfae3434598a0788b778e9c227ddb93b9d6199718f9240278323b330d4f96939faa00d7ca
- SSDEEP
  
  384:tWNtx2tdRBOmtqKQq1UW1+jUN/PwyL7rmMBQEQDdim5LtCYPHYqzN50gYPkZo:tWN2tjrtks9tQpimJ74qix
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2