a869c23f9ba7ea87f9c2ec6cf8927800143f1edba66e15378381debfc7e1488e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2aa36b572b308d0e1a0d5d41c9b2fb4_JaffaCakes118
Size

9.1MB
Sample

240907-x39xyazglr
MD5

d2aa36b572b308d0e1a0d5d41c9b2fb4
SHA1

e030a8554b8412a5dfe9287e3936a2ad82d29e17
SHA256

a869c23f9ba7ea87f9c2ec6cf8927800143f1edba66e15378381debfc7e1488e
SHA512

94eb72fa3d5c20fa062c75953f8fcb1e6a4850fb83690c1d85add4a481a1e149462075f08d405877f02550afab8ce53e91b0ec07027f9659f25308b03e835534
SSDEEP

196608:7R3pbd6k41gIlBdoyF+Z5aF0+UqAuQdflobc7ACKd+KmZ6F:7Lok41gU4yF+naF0uAuzSUhmMF

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  PictView.exe
- Size
  
  11.2MB
- MD5
  
  59f9d7c498d6aa37c70e75d2c23f4920
- SHA1
  
  301f64d6757258330e2c826fb4ab360a819204c4
- SHA256
  
  4dd6925dcc5124f3cd0b99a3ab8fcb7242c27652842fe43061fe888a9a23ada6
- SHA512
  
  2c7ef0ce8517eb581e39693456d42c48aaa4347bc4131525e51862db7673ea6fe2617baf08587c99993e742cfacdfe60d26b50abbb102924e7ebbe25a813260b
- SSDEEP
  
  196608:ZRv4lGdNJrFD9zTrDC1nhzhTSD+vK56uGw2Vgtm7rLUcFSDrKNQOYJkGcw/fzENL:ZRAlGdRFrD2ndJW2VgtY0cFSfKNQ6GcJ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2