0aab411633630b5415329ec1b3479180c0666a8ec614472982f3542c41c50b8c | Triage

Sharing

General

Target

ae31f196ae0ff4ecc5b5466f93ce9b19_JaffaCakes118
Size

39KB
Sample

240820-hdc5ca1glr
MD5

ae31f196ae0ff4ecc5b5466f93ce9b19
SHA1

16ef83dcba6b243df00cafb525f0d19831fb8b74
SHA256

0aab411633630b5415329ec1b3479180c0666a8ec614472982f3542c41c50b8c
SHA512

69e960f5c2a8507362e84a3fe5c98a3a80f2d6bda56241639ebcb9357a1862bb2d4e7e996515833826c1d37013df0d28202d90896f3aa3b086ccf561d4ec88ef
SSDEEP

768:qeKEbmI5T5XhbNIB/S2YFpCwt6dYaxcQ7EgvjgBNyGp/Kd/+nRl91vgiKEq:F5mWT5XbSOCQRhKEq

Score

8^/10

discovery evasion execution

Malware Config

Targets

- Target
  
  ae31f196ae0ff4ecc5b5466f93ce9b19_JaffaCakes118
- Size
  
  39KB
- MD5
  
  ae31f196ae0ff4ecc5b5466f93ce9b19
- SHA1
  
  16ef83dcba6b243df00cafb525f0d19831fb8b74
- SHA256
  
  0aab411633630b5415329ec1b3479180c0666a8ec614472982f3542c41c50b8c
- SHA512
  
  69e960f5c2a8507362e84a3fe5c98a3a80f2d6bda56241639ebcb9357a1862bb2d4e7e996515833826c1d37013df0d28202d90896f3aa3b086ccf561d4ec88ef
- SSDEEP
  
  768:qeKEbmI5T5XhbNIB/S2YFpCwt6dYaxcQ7EgvjgBNyGp/Kd/+nRl91vgiKEq:F5mWT5XbSOCQRhKEq
Score

8^/10

discovery evasion execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecution

behavioral2

discoveryevasionexecution