e8e9ea433a008005d14a030f36674ba712a442249814e2da42c48f1f760a850f | Triage

Sharing

General

Target

be7b4cc749827d365fa9d537091fe570_JaffaCakes118
Size

21KB
Sample

241203-v66zcawjgt
MD5

be7b4cc749827d365fa9d537091fe570
SHA1

9e9d56ee49537dad5795aa7a8db10b152d672176
SHA256

e8e9ea433a008005d14a030f36674ba712a442249814e2da42c48f1f760a850f
SHA512

d2682f4c026fc4a2c13306e3df3255f3181f73c987968a889011751094284633f2a5c5f92cf9b1394bf7d109e7f38a02ed460fa215f31de5a8e2b95e4249206e
SSDEEP

384:EGn35YFXeiBLM9S/HLyKhjgfYCYipdM+mhwYzdHGrjCgfR7To8wRsKOWr:r3m5eiBQGh4HL1wdHGrjC6R7TPWr

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  be7b4cc749827d365fa9d537091fe570_JaffaCakes118
- Size
  
  21KB
- MD5
  
  be7b4cc749827d365fa9d537091fe570
- SHA1
  
  9e9d56ee49537dad5795aa7a8db10b152d672176
- SHA256
  
  e8e9ea433a008005d14a030f36674ba712a442249814e2da42c48f1f760a850f
- SHA512
  
  d2682f4c026fc4a2c13306e3df3255f3181f73c987968a889011751094284633f2a5c5f92cf9b1394bf7d109e7f38a02ed460fa215f31de5a8e2b95e4249206e
- SSDEEP
  
  384:EGn35YFXeiBLM9S/HLyKhjgfYCYipdM+mhwYzdHGrjCgfR7To8wRsKOWr:r3m5eiBQGh4HL1wdHGrjC6R7TPWr
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery