24cf031dded3c594d05b35d0f128f25d2ee37b7f088e219ac7a4291abd67b4df | Triage

Sharing

General

Target

b4ed6d8ddf83e70e08a4e82702c6d9f9_JaffaCakes118
Size

164KB
Sample

241130-ft8vvayman
MD5

b4ed6d8ddf83e70e08a4e82702c6d9f9
SHA1

36574420267048882b042b7dc064a153b9921c1d
SHA256

24cf031dded3c594d05b35d0f128f25d2ee37b7f088e219ac7a4291abd67b4df
SHA512

bb4a212e1b61f67082727dd6a47c3594089be05e988ce58154c83057f20f76ce186d427959941c1fd29ffc0d3cfaafb4221ea6dddecb919012946fb831610a84
SSDEEP

3072:ximnuVXjzu3vsLrP5voun/VqIoKJfma7tYEoFMhY:vulu3vsPfdqIoK0a7BK

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  b4ed6d8ddf83e70e08a4e82702c6d9f9_JaffaCakes118
- Size
  
  164KB
- MD5
  
  b4ed6d8ddf83e70e08a4e82702c6d9f9
- SHA1
  
  36574420267048882b042b7dc064a153b9921c1d
- SHA256
  
  24cf031dded3c594d05b35d0f128f25d2ee37b7f088e219ac7a4291abd67b4df
- SHA512
  
  bb4a212e1b61f67082727dd6a47c3594089be05e988ce58154c83057f20f76ce186d427959941c1fd29ffc0d3cfaafb4221ea6dddecb919012946fb831610a84
- SSDEEP
  
  3072:ximnuVXjzu3vsLrP5voun/VqIoKJfma7tYEoFMhY:vulu3vsPfdqIoK0a7BK
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2