9da45c1414fde84e01fbe21e66ab691b1201aaa24c72f8575f5dec3f0fbd23b8 | Triage

Sharing

General

Target

a178083977255560a5e3b886e4f79ce7_JaffaCakes118
Size

2.0MB
Sample

240817-gw53ea1cnc
MD5

a178083977255560a5e3b886e4f79ce7
SHA1

9c59fec6a7d2559db0566ef5adc93740dcc67bad
SHA256

9da45c1414fde84e01fbe21e66ab691b1201aaa24c72f8575f5dec3f0fbd23b8
SHA512

1136f7e5bd5f062fe1249db4d8bddab33f848bb3c901bcde1cdf33f0f7761f104156e5799c64b4e65cf2235d404b1114a246faac5a811b992b222387f80942af
SSDEEP

49152:Dtq2uoGFcKkmE7BRCp4u3e3S5y1Shi35U0thsf:Dduo4cKkmISZe371SgJB4

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  a178083977255560a5e3b886e4f79ce7_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  a178083977255560a5e3b886e4f79ce7
- SHA1
  
  9c59fec6a7d2559db0566ef5adc93740dcc67bad
- SHA256
  
  9da45c1414fde84e01fbe21e66ab691b1201aaa24c72f8575f5dec3f0fbd23b8
- SHA512
  
  1136f7e5bd5f062fe1249db4d8bddab33f848bb3c901bcde1cdf33f0f7761f104156e5799c64b4e65cf2235d404b1114a246faac5a811b992b222387f80942af
- SSDEEP
  
  49152:Dtq2uoGFcKkmE7BRCp4u3e3S5y1Shi35U0thsf:Dduo4cKkmISZe371SgJB4
Score

7^/10

discovery defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscovery