6cfaf5b937b21be1ed77924abcf2fbf3d3dc25dfd956860a8fcbf331e1e0d7dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d178410ec959cef957315e401f8d42c9_JaffaCakes118
Size

41KB
Sample

240907-j3yb9atemq
MD5

d178410ec959cef957315e401f8d42c9
SHA1

7bac56c32e2da52a925dc99f0bf85bcaa9be8629
SHA256

6cfaf5b937b21be1ed77924abcf2fbf3d3dc25dfd956860a8fcbf331e1e0d7dc
SHA512

0327ed6c87809d1d428553929dadecc16812af70f2e5811e4516c45343d60d73c3a5b8f552e96a40972ee6b05b4e52bdb0794b08ef64810e17f5c5f41b19280a
SSDEEP

768:QIBar1ZIZYnfI9opm6AIHIjaI7g9mVmUnNoNE/W5dRV8:pW1ZIZqI9opm6AIHIjzmUmNzd

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  d178410ec959cef957315e401f8d42c9_JaffaCakes118
- Size
  
  41KB
- MD5
  
  d178410ec959cef957315e401f8d42c9
- SHA1
  
  7bac56c32e2da52a925dc99f0bf85bcaa9be8629
- SHA256
  
  6cfaf5b937b21be1ed77924abcf2fbf3d3dc25dfd956860a8fcbf331e1e0d7dc
- SHA512
  
  0327ed6c87809d1d428553929dadecc16812af70f2e5811e4516c45343d60d73c3a5b8f552e96a40972ee6b05b4e52bdb0794b08ef64810e17f5c5f41b19280a
- SSDEEP
  
  768:QIBar1ZIZYnfI9opm6AIHIjaI7g9mVmUnNoNE/W5dRV8:pW1ZIZqI9opm6AIHIjzmUmNzd
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery