245162fd63c2d72cb7a182fe903b56dff3197eb9de1c2245e636e7421f818dad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2871d752f618367d72345e44e3854760_JaffaCakes118
Size

166KB
Sample

240706-rjvq1szfmp
MD5

2871d752f618367d72345e44e3854760
SHA1

cc87fcae6c24609686cf8b15193b56c5d9c91000
SHA256

245162fd63c2d72cb7a182fe903b56dff3197eb9de1c2245e636e7421f818dad
SHA512

18d0750d9a2116535a36bdbbd9d3cb249e6d61c9775440decbe72743cfc4cb40396197fbe3d3082662662779323d6aebf443b61009ed70e127254c25a7c2f049
SSDEEP

3072:gKDAfCDSmJ01QR8j8wdIlU+44hDThgND0aFSElSBTux53ZM4vazD1QaH3E23:gRg68wJ49hmg2/lSVkHM4vazWaHx3

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  2871d752f618367d72345e44e3854760_JaffaCakes118
- Size
  
  166KB
- MD5
  
  2871d752f618367d72345e44e3854760
- SHA1
  
  cc87fcae6c24609686cf8b15193b56c5d9c91000
- SHA256
  
  245162fd63c2d72cb7a182fe903b56dff3197eb9de1c2245e636e7421f818dad
- SHA512
  
  18d0750d9a2116535a36bdbbd9d3cb249e6d61c9775440decbe72743cfc4cb40396197fbe3d3082662662779323d6aebf443b61009ed70e127254c25a7c2f049
- SSDEEP
  
  3072:gKDAfCDSmJ01QR8j8wdIlU+44hDThgND0aFSElSBTux53ZM4vazD1QaH3E23:gRg68wJ49hmg2/lSVkHM4vazWaHx3
Score

8^/10

evasion
- Disables RegEdit via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2