2232990207e2ce918cff3ff7dfcaab4ff76c09fa642aceb96bd3823060ca5896 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb723f22f07b409469b2ebdbb0955a7b_JaffaCakes118
Size

17KB
Sample

240405-flk4tacf2w
MD5

cb723f22f07b409469b2ebdbb0955a7b
SHA1

0ab8019351ab31d271741c6e3f6eab0ff7872eb0
SHA256

2232990207e2ce918cff3ff7dfcaab4ff76c09fa642aceb96bd3823060ca5896
SHA512

c40ed8486c9da2981fb870cbbaa18751c8691ac7f68b97fc5692c1b63ab182ac21b25e79313f6c7f6c6c405e8353be314e2504971680bdf1e20f20b511b647c4
SSDEEP

384:nFwUaVtQkcmZO2Zp+Nye8pqrmub8TyztsDN:nmUqQkoKK8o8TyJc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  cb723f22f07b409469b2ebdbb0955a7b_JaffaCakes118
- Size
  
  17KB
- MD5
  
  cb723f22f07b409469b2ebdbb0955a7b
- SHA1
  
  0ab8019351ab31d271741c6e3f6eab0ff7872eb0
- SHA256
  
  2232990207e2ce918cff3ff7dfcaab4ff76c09fa642aceb96bd3823060ca5896
- SHA512
  
  c40ed8486c9da2981fb870cbbaa18751c8691ac7f68b97fc5692c1b63ab182ac21b25e79313f6c7f6c6c405e8353be314e2504971680bdf1e20f20b511b647c4
- SSDEEP
  
  384:nFwUaVtQkcmZO2Zp+Nye8pqrmub8TyztsDN:nmUqQkoKK8o8TyJc
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2