95cde0f952b32b04d3f45b0162f80d7a001aeea46b7aea3d6e4552e69f69d285 | Triage

Sharing

General

Target

eaac458aa81f046bf5f3f58625de8b58_JaffaCakes118
Size

7.9MB
Sample

240410-kkcs9scg5v
MD5

eaac458aa81f046bf5f3f58625de8b58
SHA1

beb26f3e935583bca2d88f024d4653fb59c9bb40
SHA256

95cde0f952b32b04d3f45b0162f80d7a001aeea46b7aea3d6e4552e69f69d285
SHA512

ce33c0647bc830bcf729e095fbeee251a15954e355d4ca32428f9a26031903a3065b16f584175cb9fbe26fb4fcfc0cd2f2be0d98e5d778f078146b7d617cc5a7
SSDEEP

196608:87azg7DSm7azg7DSm7azg7DSm7azg7DSN:Hg7uJg7uJg7uJg7uN

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  eaac458aa81f046bf5f3f58625de8b58_JaffaCakes118
- Size
  
  7.9MB
- MD5
  
  eaac458aa81f046bf5f3f58625de8b58
- SHA1
  
  beb26f3e935583bca2d88f024d4653fb59c9bb40
- SHA256
  
  95cde0f952b32b04d3f45b0162f80d7a001aeea46b7aea3d6e4552e69f69d285
- SHA512
  
  ce33c0647bc830bcf729e095fbeee251a15954e355d4ca32428f9a26031903a3065b16f584175cb9fbe26fb4fcfc0cd2f2be0d98e5d778f078146b7d617cc5a7
- SSDEEP
  
  196608:87azg7DSm7azg7DSm7azg7DSm7azg7DSN:Hg7uJg7uJg7uJg7uN
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2