b644ca7ed8779f2d3e0978253df263f4b040fd8a559ac5dfa34808bdd1657c59 | Triage

Sharing

General

Target

e8d27e70148eb1a4fac2fac698f5d567_JaffaCakes118
Size

17KB
Sample

240409-a5nq6agh62
MD5

e8d27e70148eb1a4fac2fac698f5d567
SHA1

2cb7d3e4f8e9a724cd74fad68958fe837ba29f0f
SHA256

b644ca7ed8779f2d3e0978253df263f4b040fd8a559ac5dfa34808bdd1657c59
SHA512

48d5f730d44c273b5966684b67dbfee91385d25a8b03c784249a09fe152e6b312364918ffe9b6194441dafce9351fd219f15e69b7913bd9cb85b3ba88b2bc3b6
SSDEEP

384:DFVYFt9fcmZO2Zp+Nye8pqrmub8TyztsDN:DrM9foKK8o8TyJc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e8d27e70148eb1a4fac2fac698f5d567_JaffaCakes118
- Size
  
  17KB
- MD5
  
  e8d27e70148eb1a4fac2fac698f5d567
- SHA1
  
  2cb7d3e4f8e9a724cd74fad68958fe837ba29f0f
- SHA256
  
  b644ca7ed8779f2d3e0978253df263f4b040fd8a559ac5dfa34808bdd1657c59
- SHA512
  
  48d5f730d44c273b5966684b67dbfee91385d25a8b03c784249a09fe152e6b312364918ffe9b6194441dafce9351fd219f15e69b7913bd9cb85b3ba88b2bc3b6
- SSDEEP
  
  384:DFVYFt9fcmZO2Zp+Nye8pqrmub8TyztsDN:DrM9foKK8o8TyJc
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2