49f282cc53187bb59824a1dd9b4a0e37e035716ed24f84522f0aec4866d28a0e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

434ab3ed3650227918c573990bfcd6e5_JaffaCakes118
Size

137KB
Sample

240713-zm6xfswhlk
MD5

434ab3ed3650227918c573990bfcd6e5
SHA1

7421018e1a8cd5a54fe5dbb53c18bdec39a12c0c
SHA256

49f282cc53187bb59824a1dd9b4a0e37e035716ed24f84522f0aec4866d28a0e
SHA512

9539dd3ac1482f34eaa81e9d01df3ebfc8ed7ae8e148a3fa2afe1734724e15025bb7ce313079a6c86d158c32fe95a0a5d840519737f3130e7d2a6429f2a99a84
SSDEEP

3072:RAu8mt2HG0oWukt30moymTLNkiyVvZlIdhoZ0bVG2al:Rp8mMHG0qkt3HCxyxZ+oZ0Js

Score

7^/10

Malware Config

Targets

- Target
  
  434ab3ed3650227918c573990bfcd6e5_JaffaCakes118
- Size
  
  137KB
- MD5
  
  434ab3ed3650227918c573990bfcd6e5
- SHA1
  
  7421018e1a8cd5a54fe5dbb53c18bdec39a12c0c
- SHA256
  
  49f282cc53187bb59824a1dd9b4a0e37e035716ed24f84522f0aec4866d28a0e
- SHA512
  
  9539dd3ac1482f34eaa81e9d01df3ebfc8ed7ae8e148a3fa2afe1734724e15025bb7ce313079a6c86d158c32fe95a0a5d840519737f3130e7d2a6429f2a99a84
- SSDEEP
  
  3072:RAu8mt2HG0oWukt30moymTLNkiyVvZlIdhoZ0bVG2al:Rp8mMHG0qkt3HCxyxZ+oZ0Js
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2