ec65ea6d0037f5e50135e29c8038c9924036d7d5d78b4a72704a479b19a5b309 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a8a3e49c4e9aa7eb86835bc33c49344_JaffaCakes118
Size

137KB
Sample

240711-yt5gjasalj
MD5

3a8a3e49c4e9aa7eb86835bc33c49344
SHA1

2de5fb41c392b1331417bb4f1fccd0764bfbfaa9
SHA256

ec65ea6d0037f5e50135e29c8038c9924036d7d5d78b4a72704a479b19a5b309
SHA512

3ea53f336121b58bebc51b8f0186480412488ba92e452004be790839590dae6046c0c6f48e839b6ce2a1848c7310935630a3138275f96a9b3941bdc7e8f979d7
SSDEEP

3072:ZrVMrp1oq9nOyNI9hwqqh2zCQvJwNTbxNSKRUGtJ0:ZSvoWN9qvJwDNSgt

Score

7^/10

Malware Config

Targets

- Target
  
  3a8a3e49c4e9aa7eb86835bc33c49344_JaffaCakes118
- Size
  
  137KB
- MD5
  
  3a8a3e49c4e9aa7eb86835bc33c49344
- SHA1
  
  2de5fb41c392b1331417bb4f1fccd0764bfbfaa9
- SHA256
  
  ec65ea6d0037f5e50135e29c8038c9924036d7d5d78b4a72704a479b19a5b309
- SHA512
  
  3ea53f336121b58bebc51b8f0186480412488ba92e452004be790839590dae6046c0c6f48e839b6ce2a1848c7310935630a3138275f96a9b3941bdc7e8f979d7
- SSDEEP
  
  3072:ZrVMrp1oq9nOyNI9hwqqh2zCQvJwNTbxNSKRUGtJ0:ZSvoWN9qvJwDNSgt
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2