fa60becb23713f17395e6e9ad69c76ddb440cdcdfcf5776ad37d3d7023fc0957 | Triage

Sharing

General

Target

b9834f23b363dce2d853892cf7e20541_JaffaCakes118
Size

52KB
Sample

240822-3mg5watemg
MD5

b9834f23b363dce2d853892cf7e20541
SHA1

e54d95ddbcb31c8643643fbef058d1be34076996
SHA256

fa60becb23713f17395e6e9ad69c76ddb440cdcdfcf5776ad37d3d7023fc0957
SHA512

a0facf00b6b850d50a816df10acec1e476607291e796215f007b4b31f77c4dd594312bf3c315c2edde1dfcc91bcb9c1e2679b55f85fd95844278aff59cafe753
SSDEEP

768:l77NnrPHecjlXKnnaTyU+Eso75eRt6c/LdNseunjfdZ0Xv1aeWVohZ7Avh/PvW:7m3Yy3KdeLDdNEZ0Xv1ouZsvV

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  b9834f23b363dce2d853892cf7e20541_JaffaCakes118
- Size
  
  52KB
- MD5
  
  b9834f23b363dce2d853892cf7e20541
- SHA1
  
  e54d95ddbcb31c8643643fbef058d1be34076996
- SHA256
  
  fa60becb23713f17395e6e9ad69c76ddb440cdcdfcf5776ad37d3d7023fc0957
- SHA512
  
  a0facf00b6b850d50a816df10acec1e476607291e796215f007b4b31f77c4dd594312bf3c315c2edde1dfcc91bcb9c1e2679b55f85fd95844278aff59cafe753
- SSDEEP
  
  768:l77NnrPHecjlXKnnaTyU+Eso75eRt6c/LdNseunjfdZ0Xv1aeWVohZ7Avh/PvW:7m3Yy3KdeLDdNEZ0Xv1ouZsvV
Score

7^/10

discovery evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan