d45ecd813753f71f8cc83550644bbcf13539c672b731a74be8aeb1e7c9452e56 | Triage

Sharing

General

Target

ebae0f7205be00ee7d576833574a4553_JaffaCakes118
Size

259KB
Sample

240919-tdlx2axdrq
MD5

ebae0f7205be00ee7d576833574a4553
SHA1

09104faf56af1ce877c0a2ef2ef1445bdd3538de
SHA256

d45ecd813753f71f8cc83550644bbcf13539c672b731a74be8aeb1e7c9452e56
SHA512

a5eeda74e1d83a80bd730edb215c95a5f5d68391295dc75477106d93e832101be5555537a7f0554b3f8bad74df99a42cce57271976fa7f7a886e69f3978dcc43
SSDEEP

6144:EfmHJPPBGCidJZvqJ3M0Gr1f4Nc9vRhGIL:XPPBvir4Gr1f4e

Score

10^/10

discovery evasion upx

Malware Config

Targets

- Target
  
  ebae0f7205be00ee7d576833574a4553_JaffaCakes118
- Size
  
  259KB
- MD5
  
  ebae0f7205be00ee7d576833574a4553
- SHA1
  
  09104faf56af1ce877c0a2ef2ef1445bdd3538de
- SHA256
  
  d45ecd813753f71f8cc83550644bbcf13539c672b731a74be8aeb1e7c9452e56
- SHA512
  
  a5eeda74e1d83a80bd730edb215c95a5f5d68391295dc75477106d93e832101be5555537a7f0554b3f8bad74df99a42cce57271976fa7f7a886e69f3978dcc43
- SSDEEP
  
  6144:EfmHJPPBGCidJZvqJ3M0Gr1f4Nc9vRhGIL:XPPBvir4Gr1f4e
Score

10^/10

discovery evasion upx
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx