6a82095801b579849f93e58c13f4802ced81a5c3cd5f1283fef41ccdea5807bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52c22d1e0cdd64be69e8d7f4e44202f1_JaffaCakes118
Size

129KB
Sample

241017-vlt42sygmp
MD5

52c22d1e0cdd64be69e8d7f4e44202f1
SHA1

6351563688e1041b23062dcbf8907cfb941a0254
SHA256

6a82095801b579849f93e58c13f4802ced81a5c3cd5f1283fef41ccdea5807bd
SHA512

df1dcf29e031f17db1e5487c8696aa7eb0bc823460be10cdfc11d7e514f4e64e756e6a6ceb808ce9d89d49876faa0cee45d516518c145cba74921768dea219f8
SSDEEP

1536:bv0thf2r6TbJgT3c8henl/Rq4xRMzyVqDa9Ii0eldJJgV3n97llGAmH+4dfrzyI7:bv06uJyxUl00Vh9Ii8bkJeozBXEc4dQ

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  52c22d1e0cdd64be69e8d7f4e44202f1_JaffaCakes118
- Size
  
  129KB
- MD5
  
  52c22d1e0cdd64be69e8d7f4e44202f1
- SHA1
  
  6351563688e1041b23062dcbf8907cfb941a0254
- SHA256
  
  6a82095801b579849f93e58c13f4802ced81a5c3cd5f1283fef41ccdea5807bd
- SHA512
  
  df1dcf29e031f17db1e5487c8696aa7eb0bc823460be10cdfc11d7e514f4e64e756e6a6ceb808ce9d89d49876faa0cee45d516518c145cba74921768dea219f8
- SSDEEP
  
  1536:bv0thf2r6TbJgT3c8henl/Rq4xRMzyVqDa9Ii0eldJJgV3n97llGAmH+4dfrzyI7:bv06uJyxUl00Vh9Ii8bkJeozBXEc4dQ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2