e87b659de5eb32b35be7dc4cfcc302e1d6f3626359f27ee0eb1f7300745b36dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96c94daf9a0377b83f343f159233888f_JaffaCakes118
Size

50KB
Sample

240814-tw54mawfqn
MD5

96c94daf9a0377b83f343f159233888f
SHA1

40c925fc1404572a836b07281ee370af945227dc
SHA256

e87b659de5eb32b35be7dc4cfcc302e1d6f3626359f27ee0eb1f7300745b36dd
SHA512

aefe07df74331d8da484613396ed1e6254673631621fb2bdd581de10a50c8abde1cc97d74e08cd0264dbcaee786849553a5e6490d9a517dbb9fe83c89df97b59
SSDEEP

768:QcVJYDePPJvb5CavomAbDCSOxCY/0tmqjuoUiHP6qKHL+zhL3quOlsCe:dqDQPJvb5bomAKSdO0tmqKo/wrtlLe

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  96c94daf9a0377b83f343f159233888f_JaffaCakes118
- Size
  
  50KB
- MD5
  
  96c94daf9a0377b83f343f159233888f
- SHA1
  
  40c925fc1404572a836b07281ee370af945227dc
- SHA256
  
  e87b659de5eb32b35be7dc4cfcc302e1d6f3626359f27ee0eb1f7300745b36dd
- SHA512
  
  aefe07df74331d8da484613396ed1e6254673631621fb2bdd581de10a50c8abde1cc97d74e08cd0264dbcaee786849553a5e6490d9a517dbb9fe83c89df97b59
- SSDEEP
  
  768:QcVJYDePPJvb5CavomAbDCSOxCY/0tmqjuoUiHP6qKHL+zhL3quOlsCe:dqDQPJvb5bomAKSdO0tmqKo/wrtlLe
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery