a639ff592873434fcdb326c58739b17b4a5d954424867eb9239f31e6e03d91b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe92371adc7ac3e1513f915a0c6f207e_JaffaCakes118
Size

124KB
Sample

240929-p4q78aycje
MD5

fe92371adc7ac3e1513f915a0c6f207e
SHA1

b8a567c57cb73bb40fbb191156001fef187e8dd4
SHA256

a639ff592873434fcdb326c58739b17b4a5d954424867eb9239f31e6e03d91b4
SHA512

b114cfc838af8ec643b0ba64d54048318556de399f9540a67f85d7f9548f287a6b4a851d6353b59ab9d43afcd04f9f7c3c2d729a1863b91ba86d56ce973497de
SSDEEP

3072:X+2oy90pLmVFUcT9d0rmsZlcJ1lpknvK0uFBg2J:doy6ponTjKslp4fm

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  fe92371adc7ac3e1513f915a0c6f207e_JaffaCakes118
- Size
  
  124KB
- MD5
  
  fe92371adc7ac3e1513f915a0c6f207e
- SHA1
  
  b8a567c57cb73bb40fbb191156001fef187e8dd4
- SHA256
  
  a639ff592873434fcdb326c58739b17b4a5d954424867eb9239f31e6e03d91b4
- SHA512
  
  b114cfc838af8ec643b0ba64d54048318556de399f9540a67f85d7f9548f287a6b4a851d6353b59ab9d43afcd04f9f7c3c2d729a1863b91ba86d56ce973497de
- SSDEEP
  
  3072:X+2oy90pLmVFUcT9d0rmsZlcJ1lpknvK0uFBg2J:doy6ponTjKslp4fm
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery