fc6d0a031f5b7d50977054c1009867de99dfebbc79af7edb658a0caac1e38caf | Triage

Sharing

General

Target

ecb046b05d5585905559c75b2279d5d4_JaffaCakes118
Size

192KB
Sample

240920-c8ry4avgnj
MD5

ecb046b05d5585905559c75b2279d5d4
SHA1

728f675fc742551938ea9f4afd8ee5eb86c7c098
SHA256

fc6d0a031f5b7d50977054c1009867de99dfebbc79af7edb658a0caac1e38caf
SHA512

96a9741755448f40921eb089a31bfde4a8adfb9c1f7311b23ebda3af975ce85a1a2be249ed92b9ffbed60c834e064a40728f9b743633f59f12d23f724b19670f
SSDEEP

3072:Po5Kx/5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLf:WBoIDbByGPMsMPZQ3EpUPjC

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  ecb046b05d5585905559c75b2279d5d4_JaffaCakes118
- Size
  
  192KB
- MD5
  
  ecb046b05d5585905559c75b2279d5d4
- SHA1
  
  728f675fc742551938ea9f4afd8ee5eb86c7c098
- SHA256
  
  fc6d0a031f5b7d50977054c1009867de99dfebbc79af7edb658a0caac1e38caf
- SHA512
  
  96a9741755448f40921eb089a31bfde4a8adfb9c1f7311b23ebda3af975ce85a1a2be249ed92b9ffbed60c834e064a40728f9b743633f59f12d23f724b19670f
- SSDEEP
  
  3072:Po5Kx/5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLf:WBoIDbByGPMsMPZQ3EpUPjC
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion