bbe3881944a8e5f6da506d944d929ea95a4e5335705429c8c539af9d998d294f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a936d4fc510938e884645942d03e54e_JaffaCakes118
Size

259KB
Sample

241002-pax4nsverm
MD5

0a936d4fc510938e884645942d03e54e
SHA1

632ad6a856884e4a5cb995024321f79b86fe08c3
SHA256

bbe3881944a8e5f6da506d944d929ea95a4e5335705429c8c539af9d998d294f
SHA512

2312c1e93f56b45bc017765b5b1e574ea96ee69c7ca7f5e94fa49f3297d3b33d495eef4154c4b8ca4fbaadba4ba09056ca768d28c5aff8b1efb03f03f106c837
SSDEEP

3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVpKAX:ZY7xh6SZI4z7FSVp1X

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  0a936d4fc510938e884645942d03e54e_JaffaCakes118
- Size
  
  259KB
- MD5
  
  0a936d4fc510938e884645942d03e54e
- SHA1
  
  632ad6a856884e4a5cb995024321f79b86fe08c3
- SHA256
  
  bbe3881944a8e5f6da506d944d929ea95a4e5335705429c8c539af9d998d294f
- SHA512
  
  2312c1e93f56b45bc017765b5b1e574ea96ee69c7ca7f5e94fa49f3297d3b33d495eef4154c4b8ca4fbaadba4ba09056ca768d28c5aff8b1efb03f03f106c837
- SSDEEP
  
  3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVpKAX:ZY7xh6SZI4z7FSVp1X
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery