4c1223fb4b808698a090e24d0a154759eaea02b26b43c90162ad89e70d61f3fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08f2a39376217a3262c7683b6e5a988e_JaffaCakes118
Size

50KB
Sample

241002-fc5rvs1gkd
MD5

08f2a39376217a3262c7683b6e5a988e
SHA1

f5bc7bcbd21c446247b8ffbb970603e9d183e882
SHA256

4c1223fb4b808698a090e24d0a154759eaea02b26b43c90162ad89e70d61f3fa
SHA512

97efbff080b0e8e07f9d7cfbcface6e4c41cb9ccae0ce867fcbc0699fdc3b8e6b273550eeceeb5f6cbab3bbb8a30fc9b40bd5f434302769e7bdbd2ee5a4c4061
SSDEEP

768:yMBDzhWZVD7b5CRdcbDniFfHfRSF8IiDrmIihGVVu6YgxfL+neqvdvLAwb:nyD7b52cvipyr3hGVVu6YyTYhBb

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  08f2a39376217a3262c7683b6e5a988e_JaffaCakes118
- Size
  
  50KB
- MD5
  
  08f2a39376217a3262c7683b6e5a988e
- SHA1
  
  f5bc7bcbd21c446247b8ffbb970603e9d183e882
- SHA256
  
  4c1223fb4b808698a090e24d0a154759eaea02b26b43c90162ad89e70d61f3fa
- SHA512
  
  97efbff080b0e8e07f9d7cfbcface6e4c41cb9ccae0ce867fcbc0699fdc3b8e6b273550eeceeb5f6cbab3bbb8a30fc9b40bd5f434302769e7bdbd2ee5a4c4061
- SSDEEP
  
  768:yMBDzhWZVD7b5CRdcbDniFfHfRSF8IiDrmIihGVVu6YgxfL+neqvdvLAwb:nyD7b52cvipyr3hGVVu6YyTYhBb
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery