aa17bafe1ec585e688d2801c6b20de482058170a2146dcfc0d9d5bfe5d40ffc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea0107c2f11937a38df85e65bdf2356b_JaffaCakes118
Size

176KB
Sample

240918-1brttsvanq
MD5

ea0107c2f11937a38df85e65bdf2356b
SHA1

568f7257976d3507c108a8fdbf2726ff94e17643
SHA256

aa17bafe1ec585e688d2801c6b20de482058170a2146dcfc0d9d5bfe5d40ffc9
SHA512

92e2a5ccda7a7a5f781c061288293b670320e7423ffd370d0edcf612e80669f3f4ea30ae3c05611bf3342163356ccdec664a06c31f1cb59c7fb69d1ea705463a
SSDEEP

3072:pXGeoa8N9I6692pm+4PEk8KACV2Xu5xDj+GSKNPvRpVuox3obZ:FGebGTw2pm+4PEk8Y2XwpSAFq

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  ea0107c2f11937a38df85e65bdf2356b_JaffaCakes118
- Size
  
  176KB
- MD5
  
  ea0107c2f11937a38df85e65bdf2356b
- SHA1
  
  568f7257976d3507c108a8fdbf2726ff94e17643
- SHA256
  
  aa17bafe1ec585e688d2801c6b20de482058170a2146dcfc0d9d5bfe5d40ffc9
- SHA512
  
  92e2a5ccda7a7a5f781c061288293b670320e7423ffd370d0edcf612e80669f3f4ea30ae3c05611bf3342163356ccdec664a06c31f1cb59c7fb69d1ea705463a
- SSDEEP
  
  3072:pXGeoa8N9I6692pm+4PEk8KACV2Xu5xDj+GSKNPvRpVuox3obZ:FGebGTw2pm+4PEk8Y2XwpSAFq
Score

10^/10

discovery evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion