837d90c3aa41e6967d94371313344efdb722eddad122f4baac84b67c5b480b45 | Triage

Sharing

General

Target

ad3ac3087fd4df6ee54abfbf00ca840c_JaffaCakes118
Size

25KB
Sample

240820-ax75tsyckm
MD5

ad3ac3087fd4df6ee54abfbf00ca840c
SHA1

d03570e901bba2815d71f20635ae5938304e6537
SHA256

837d90c3aa41e6967d94371313344efdb722eddad122f4baac84b67c5b480b45
SHA512

fc300be8836826a11c11c468ff85af9296fb56d74e4d27ddfd2f76a310c6b514f029cf90eada96787d949e6cb0d472a092664014ec82b244cf3acd77699e8a52
SSDEEP

384:ORVdMrJpdYtrV79fy2XsWra7ybsexeoYzzumoAb0aYWcDhXdvgPuouzQb/XlF:uMrW9V7h8oYzzu7klYWcvvBiF

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  ad3ac3087fd4df6ee54abfbf00ca840c_JaffaCakes118
- Size
  
  25KB
- MD5
  
  ad3ac3087fd4df6ee54abfbf00ca840c
- SHA1
  
  d03570e901bba2815d71f20635ae5938304e6537
- SHA256
  
  837d90c3aa41e6967d94371313344efdb722eddad122f4baac84b67c5b480b45
- SHA512
  
  fc300be8836826a11c11c468ff85af9296fb56d74e4d27ddfd2f76a310c6b514f029cf90eada96787d949e6cb0d472a092664014ec82b244cf3acd77699e8a52
- SSDEEP
  
  384:ORVdMrJpdYtrV79fy2XsWra7ybsexeoYzzumoAb0aYWcDhXdvgPuouzQb/XlF:uMrW9V7h8oYzzu7klYWcvvBiF
Score

10^/10

discovery evasion
- Modifies security service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Share Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion