4e6a78180d2c81fa4c6f51adc063bd8f6b150640a7f71dccd59c33983e95c837 | Triage

Sharing

General

Target

be885a248794151b953cd4b95d4289cf_JaffaCakes118
Size

265KB
Sample

241203-wfn7aawnds
MD5

be885a248794151b953cd4b95d4289cf
SHA1

20fad66269708fa603b4c8e6e102bcc2808ed2f0
SHA256

4e6a78180d2c81fa4c6f51adc063bd8f6b150640a7f71dccd59c33983e95c837
SHA512

826b12b136be99b74e1e1a8bbe71d3116f5510c4ac02b0cdcad261057dbe8cd3309028e2a3e1d7c60540869e5bcf5afc1de0f685a03f16b3e0dbf2a3e0aa8c4e
SSDEEP

3072:ZYUb5QoJ4g+Ri+ZjKIz1ZdW4SrOLVSVpQ:ZY7xhKSZI4zLVSVpQ

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  be885a248794151b953cd4b95d4289cf_JaffaCakes118
- Size
  
  265KB
- MD5
  
  be885a248794151b953cd4b95d4289cf
- SHA1
  
  20fad66269708fa603b4c8e6e102bcc2808ed2f0
- SHA256
  
  4e6a78180d2c81fa4c6f51adc063bd8f6b150640a7f71dccd59c33983e95c837
- SHA512
  
  826b12b136be99b74e1e1a8bbe71d3116f5510c4ac02b0cdcad261057dbe8cd3309028e2a3e1d7c60540869e5bcf5afc1de0f685a03f16b3e0dbf2a3e0aa8c4e
- SSDEEP
  
  3072:ZYUb5QoJ4g+Ri+ZjKIz1ZdW4SrOLVSVpQ:ZY7xhKSZI4zLVSVpQ
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery