2f55a3a6b8d9eeaea4f7bed369f2fb9e72477fdeb901d2c9b5f185fcc9732731 | Triage

Sharing

General

Target

1735ef391c40c29bad38520b706df86e_JaffaCakes118
Size

262KB
Sample

241005-lynncsyfjl
MD5

1735ef391c40c29bad38520b706df86e
SHA1

fe12512458c6c8372e6e1979694c56818c0de72c
SHA256

2f55a3a6b8d9eeaea4f7bed369f2fb9e72477fdeb901d2c9b5f185fcc9732731
SHA512

200a7e7cb268c17916106487837cda86d61a3365807155232977293d4a39ab9e7eab7e2dd4b4376349f18b921ac5f983abc00972b8729ca6bcebb23b433d5c1f
SSDEEP

3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVpEL:ZY7xh6SZI4z7FSVpE

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  1735ef391c40c29bad38520b706df86e_JaffaCakes118
- Size
  
  262KB
- MD5
  
  1735ef391c40c29bad38520b706df86e
- SHA1
  
  fe12512458c6c8372e6e1979694c56818c0de72c
- SHA256
  
  2f55a3a6b8d9eeaea4f7bed369f2fb9e72477fdeb901d2c9b5f185fcc9732731
- SHA512
  
  200a7e7cb268c17916106487837cda86d61a3365807155232977293d4a39ab9e7eab7e2dd4b4376349f18b921ac5f983abc00972b8729ca6bcebb23b433d5c1f
- SSDEEP
  
  3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVpEL:ZY7xh6SZI4z7FSVpE
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery