42984c7cc0d29d8f1c40aac517463c991f4b90e1cb196c822a57d492dc0f3665 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cf07f0e00efc17fd43c685f2658c768_JaffaCakes118
Size

68KB
Sample

240716-fyy67swfnk
MD5

4cf07f0e00efc17fd43c685f2658c768
SHA1

87403314fa15b5b7c779d2b0131df6fb2958c994
SHA256

42984c7cc0d29d8f1c40aac517463c991f4b90e1cb196c822a57d492dc0f3665
SHA512

bdbb08a6442defcd15442b69e15d505defffd06743c5d7e6da868fb12e4acc35953a7fa7e14fc5aca4e6536e6495f91887e9744d19a2b4026512fc18ef3db395
SSDEEP

768:6y/Asc3Q8Y97tPgADzMgNVcBE7KN0rWGdv/qhjOK0oUW8AOktxd1IdGvnS93k/:UA8utPg0VcBEKN4WKKQK0opdOkLdiW

Score

7^/10

Malware Config

Targets

- Target
  
  4cf07f0e00efc17fd43c685f2658c768_JaffaCakes118
- Size
  
  68KB
- MD5
  
  4cf07f0e00efc17fd43c685f2658c768
- SHA1
  
  87403314fa15b5b7c779d2b0131df6fb2958c994
- SHA256
  
  42984c7cc0d29d8f1c40aac517463c991f4b90e1cb196c822a57d492dc0f3665
- SHA512
  
  bdbb08a6442defcd15442b69e15d505defffd06743c5d7e6da868fb12e4acc35953a7fa7e14fc5aca4e6536e6495f91887e9744d19a2b4026512fc18ef3db395
- SSDEEP
  
  768:6y/Asc3Q8Y97tPgADzMgNVcBE7KN0rWGdv/qhjOK0oUW8AOktxd1IdGvnS93k/:UA8utPg0VcBEKN4WKKQK0opdOkLdiW
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2