b6d36e630bad2c8fbdf17791632ade257f0ee0fbbc517b017cf3c74bd01eecc3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00c0bd3db4699ba4ca0c358b1bf80ad2_JaffaCakes118
Size

165KB
Sample

240930-l1zteatcqe
MD5

00c0bd3db4699ba4ca0c358b1bf80ad2
SHA1

18ed041c8b2068fd5101a4f6a5c216eff8bf97fe
SHA256

b6d36e630bad2c8fbdf17791632ade257f0ee0fbbc517b017cf3c74bd01eecc3
SHA512

632c83530ee093f20a14c71033d00d5ef108aabfb66f1b472946541ef43968d83ce84318d06906ea1950173921c741d1ef9c19907bcfd44b89c5bd8efe02519b
SSDEEP

3072:W4HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:ViI/PlY37ZLF4Ca6WABqBOvs

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  00c0bd3db4699ba4ca0c358b1bf80ad2_JaffaCakes118
- Size
  
  165KB
- MD5
  
  00c0bd3db4699ba4ca0c358b1bf80ad2
- SHA1
  
  18ed041c8b2068fd5101a4f6a5c216eff8bf97fe
- SHA256
  
  b6d36e630bad2c8fbdf17791632ade257f0ee0fbbc517b017cf3c74bd01eecc3
- SHA512
  
  632c83530ee093f20a14c71033d00d5ef108aabfb66f1b472946541ef43968d83ce84318d06906ea1950173921c741d1ef9c19907bcfd44b89c5bd8efe02519b
- SSDEEP
  
  3072:W4HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:ViI/PlY37ZLF4Ca6WABqBOvs
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2