ae897231863812fbf7cc9aeaf1a024197c932eae48f69af842c402f1161bdd34 | Triage

Sharing

General

Target

6fdc3535c0e0a35f33c7f28596d3372f_JaffaCakes118
Size

54KB
Sample

240725-q8zktssbpp
MD5

6fdc3535c0e0a35f33c7f28596d3372f
SHA1

12edc87711439ffc6271f4c05fc6dcb6d470ccd5
SHA256

ae897231863812fbf7cc9aeaf1a024197c932eae48f69af842c402f1161bdd34
SHA512

59c58b69f5c1b01a86d3877285dcf52b05a55bed8c3f0eafdb30b9b18078497e97f1de68fb8b3c7b37634bb5331367f7eb9bdf1f70cf566fcbb999c24c30047f
SSDEEP

768:Oe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJapg4RoSMZeUZB/plAwO5:V3cpyORJLuB4P4AJJv4Romu/8D

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  6fdc3535c0e0a35f33c7f28596d3372f_JaffaCakes118
- Size
  
  54KB
- MD5
  
  6fdc3535c0e0a35f33c7f28596d3372f
- SHA1
  
  12edc87711439ffc6271f4c05fc6dcb6d470ccd5
- SHA256
  
  ae897231863812fbf7cc9aeaf1a024197c932eae48f69af842c402f1161bdd34
- SHA512
  
  59c58b69f5c1b01a86d3877285dcf52b05a55bed8c3f0eafdb30b9b18078497e97f1de68fb8b3c7b37634bb5331367f7eb9bdf1f70cf566fcbb999c24c30047f
- SSDEEP
  
  768:Oe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJapg4RoSMZeUZB/plAwO5:V3cpyORJLuB4P4AJJv4Romu/8D
Score

10^/10

discovery evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion