2b7a0b5c5975a7070747e2ba81738e3213341ebbfa2e1853c262cb0e67f2daff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b33b93a6d39d10692b53929aafbae2f1_JaffaCakes118
Size

64KB
Sample

240821-m9e12ayepm
MD5

b33b93a6d39d10692b53929aafbae2f1
SHA1

bdf92e2577e494c647e47b4199d8c66d552c6554
SHA256

2b7a0b5c5975a7070747e2ba81738e3213341ebbfa2e1853c262cb0e67f2daff
SHA512

8e4400fc58663e4a53294401ec5573aeb40f9d04450d12b15f6b410487703aeb6d3d479ab7b91c273dd544cfa8213bf04924b630336d439fbc35dbf4594c7047
SSDEEP

1536:4+yWtpy7IyMLC6/etVVHqoR+xkecO1zog:ZVDIs/edNR+xBcAz

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  b33b93a6d39d10692b53929aafbae2f1_JaffaCakes118
- Size
  
  64KB
- MD5
  
  b33b93a6d39d10692b53929aafbae2f1
- SHA1
  
  bdf92e2577e494c647e47b4199d8c66d552c6554
- SHA256
  
  2b7a0b5c5975a7070747e2ba81738e3213341ebbfa2e1853c262cb0e67f2daff
- SHA512
  
  8e4400fc58663e4a53294401ec5573aeb40f9d04450d12b15f6b410487703aeb6d3d479ab7b91c273dd544cfa8213bf04924b630336d439fbc35dbf4594c7047
- SSDEEP
  
  1536:4+yWtpy7IyMLC6/etVVHqoR+xkecO1zog:ZVDIs/edNR+xBcAz
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion