4e5dc58e5a5f0b714c3bd179e75731b26ff0e491d09da444c5c274eb2148ab69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7b632b0897f100cee0127294f2e6df4_JaffaCakes118
Size

1.4MB
Sample

240822-p4qlpaxgpb
MD5

b7b632b0897f100cee0127294f2e6df4
SHA1

76a5fd69b7daae95ce6de1eda5cc9bab9151e5b7
SHA256

4e5dc58e5a5f0b714c3bd179e75731b26ff0e491d09da444c5c274eb2148ab69
SHA512

258c993a89615df07663e7a8ec4e45bcd4df6827f0aae6e9fc1958bb1358a0c73c4625239c649f9606c49fc050797bd0b26ae941d320e3e4d95219585d4d8bac
SSDEEP

24576:85QIzHyuhiDyrPW/abAVShhkW2HjzCURKva8H4ww1:85p6iPW/s3gHPCURsHK1

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  b7b632b0897f100cee0127294f2e6df4_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  b7b632b0897f100cee0127294f2e6df4
- SHA1
  
  76a5fd69b7daae95ce6de1eda5cc9bab9151e5b7
- SHA256
  
  4e5dc58e5a5f0b714c3bd179e75731b26ff0e491d09da444c5c274eb2148ab69
- SHA512
  
  258c993a89615df07663e7a8ec4e45bcd4df6827f0aae6e9fc1958bb1358a0c73c4625239c649f9606c49fc050797bd0b26ae941d320e3e4d95219585d4d8bac
- SSDEEP
  
  24576:85QIzHyuhiDyrPW/abAVShhkW2HjzCURKva8H4ww1:85p6iPW/s3gHPCURsHK1
Score

7^/10

discovery defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscovery