3e5aace51a2b3923b0a14ea8c81eccf059540f02c0f3a4ec7bd183af8d8c6052 | Triage

Sharing

General

Target

eec2f5e9c85abda2cbc4bab9ec26e62f_JaffaCakes118
Size

236KB
Sample

240921-a78jcaxcpa
MD5

eec2f5e9c85abda2cbc4bab9ec26e62f
SHA1

2df28052acb951b099aa71e74e50c88221e55f36
SHA256

3e5aace51a2b3923b0a14ea8c81eccf059540f02c0f3a4ec7bd183af8d8c6052
SHA512

1db97728d78995c6b8f62219388ccec6dda5a89355af9ff11e0f52ab41f1162744e7c05a8a5b307f4e9468f8846808b275246d551b18e2a28abd2c17a094bc0c
SSDEEP

3072:i53mQ7JtnP5I09qgmBBAWgjSvwN/otWoYBmzNa9:qmKJtna2qgmBNgQw8A

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  eec2f5e9c85abda2cbc4bab9ec26e62f_JaffaCakes118
- Size
  
  236KB
- MD5
  
  eec2f5e9c85abda2cbc4bab9ec26e62f
- SHA1
  
  2df28052acb951b099aa71e74e50c88221e55f36
- SHA256
  
  3e5aace51a2b3923b0a14ea8c81eccf059540f02c0f3a4ec7bd183af8d8c6052
- SHA512
  
  1db97728d78995c6b8f62219388ccec6dda5a89355af9ff11e0f52ab41f1162744e7c05a8a5b307f4e9468f8846808b275246d551b18e2a28abd2c17a094bc0c
- SSDEEP
  
  3072:i53mQ7JtnP5I09qgmBBAWgjSvwN/otWoYBmzNa9:qmKJtna2qgmBNgQw8A
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion