b541d361391b2db5b07660135afa83c2451eea061b0374191a21986fbab361f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5beab07667b8fdf824277baf63a5dde_JaffaCakes118
Size

7.9MB
Sample

240405-rbwcksed65
MD5

d5beab07667b8fdf824277baf63a5dde
SHA1

205cb43ee9d4c7437de71a102446000840f1563d
SHA256

b541d361391b2db5b07660135afa83c2451eea061b0374191a21986fbab361f9
SHA512

a42b9abd1340178ebdf0029aecc52d2147648f5196001152386058ba6f33efbd207074860ca0f3e7107167556eac1afe889b859625f4af1226f194e1932a0580
SSDEEP

196608:8Cazg7DSmCazg7DSmCazg7DSmCazg7DSN:Eg7uOg7uOg7uOg7uN

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  d5beab07667b8fdf824277baf63a5dde_JaffaCakes118
- Size
  
  7.9MB
- MD5
  
  d5beab07667b8fdf824277baf63a5dde
- SHA1
  
  205cb43ee9d4c7437de71a102446000840f1563d
- SHA256
  
  b541d361391b2db5b07660135afa83c2451eea061b0374191a21986fbab361f9
- SHA512
  
  a42b9abd1340178ebdf0029aecc52d2147648f5196001152386058ba6f33efbd207074860ca0f3e7107167556eac1afe889b859625f4af1226f194e1932a0580
- SSDEEP
  
  196608:8Cazg7DSmCazg7DSmCazg7DSmCazg7DSN:Eg7uOg7uOg7uOg7uN
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2