be1b36dc83c3a2a6c05933ea05a382c98481a4df3e42d08203138f20eab384a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

209b42f2445016b28f931e6d37822e0e_JaffaCakes118
Size

8.9MB
Sample

240329-nchlbsfe4v
MD5

209b42f2445016b28f931e6d37822e0e
SHA1

a17348117a7b388abd44bfef9eeab7aa2f9703bd
SHA256

be1b36dc83c3a2a6c05933ea05a382c98481a4df3e42d08203138f20eab384a9
SHA512

6178eeaaf75b1c0b82378b2a8623903f81b782389d18ab5352f0f87a33c0a353d5bf958fdbfa7501547d3f42a886a8eec9f1e8374d463d214878ac072708fb59
SSDEEP

196608:8Razg7DSmRazg7DSmsRazg7DSmRazg7DSm3:5g7uDg7uYg7uDg7uA

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  209b42f2445016b28f931e6d37822e0e_JaffaCakes118
- Size
  
  8.9MB
- MD5
  
  209b42f2445016b28f931e6d37822e0e
- SHA1
  
  a17348117a7b388abd44bfef9eeab7aa2f9703bd
- SHA256
  
  be1b36dc83c3a2a6c05933ea05a382c98481a4df3e42d08203138f20eab384a9
- SHA512
  
  6178eeaaf75b1c0b82378b2a8623903f81b782389d18ab5352f0f87a33c0a353d5bf958fdbfa7501547d3f42a886a8eec9f1e8374d463d214878ac072708fb59
- SSDEEP
  
  196608:8Razg7DSmRazg7DSmsRazg7DSmRazg7DSm3:5g7uDg7uYg7uDg7uA
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2