156c6a1c46c48778569f82dac082aef856a14cc81af57b122e93fb354d6f9825 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0bb63236490ffa935ea5b5d9cf5631_JaffaCakes118
Size

289KB
Sample

240927-j5mzasshpm
MD5

fa0bb63236490ffa935ea5b5d9cf5631
SHA1

bf901812f77d63a462fd156ec217d71c8528f322
SHA256

156c6a1c46c48778569f82dac082aef856a14cc81af57b122e93fb354d6f9825
SHA512

bbe0bb05fb3b79bc28cbf1e86747ec46f2c01256922fba4fe6ef3148a9c8c2a892c219521852562d10cc26060c81cb1598908727ab1df565ae51f0bf11df3bb2
SSDEEP

6144:QNfhBNNcphvKBkG/N8fdCnQmOLgi6POmkgvXcvs1TFgnJsTTNAQh2L7jP3:QN5BNNcph+nQfLj6PNivs15ToLnP3

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  fa0bb63236490ffa935ea5b5d9cf5631_JaffaCakes118
- Size
  
  289KB
- MD5
  
  fa0bb63236490ffa935ea5b5d9cf5631
- SHA1
  
  bf901812f77d63a462fd156ec217d71c8528f322
- SHA256
  
  156c6a1c46c48778569f82dac082aef856a14cc81af57b122e93fb354d6f9825
- SHA512
  
  bbe0bb05fb3b79bc28cbf1e86747ec46f2c01256922fba4fe6ef3148a9c8c2a892c219521852562d10cc26060c81cb1598908727ab1df565ae51f0bf11df3bb2
- SSDEEP
  
  6144:QNfhBNNcphvKBkG/N8fdCnQmOLgi6POmkgvXcvs1TFgnJsTTNAQh2L7jP3:QN5BNNcph+nQfLj6PNivs15ToLnP3
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery