88cd987421b7810d571cd91ea722eb2731a83c2425a7bf8b0d47480ab7a70af9 | Triage

Sharing

General

Target

edc623389ea7cfe31884a79821e21b69_JaffaCakes118
Size

146KB
Sample

240411-s5mszahg9s
MD5

edc623389ea7cfe31884a79821e21b69
SHA1

a45eb688b48feb67e942f1a5c0f3ddb897068b12
SHA256

88cd987421b7810d571cd91ea722eb2731a83c2425a7bf8b0d47480ab7a70af9
SHA512

ced0179d5ff54f3c12824872d85e3c4798471af9e1e24d38afed0f400cc1e044a9d8642ca27e0dab85094c932d95b529198aaf00bd75c8c68939f7d41c1a16ce
SSDEEP

3072:LTIOYS71IE6d4WfgJ+Og07Iw3S5GHVvANfuaZyIYlfxu/YWcShby:LkdS10dtfgrg0v33VoNfuaWfQYYby

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  edc623389ea7cfe31884a79821e21b69_JaffaCakes118
- Size
  
  146KB
- MD5
  
  edc623389ea7cfe31884a79821e21b69
- SHA1
  
  a45eb688b48feb67e942f1a5c0f3ddb897068b12
- SHA256
  
  88cd987421b7810d571cd91ea722eb2731a83c2425a7bf8b0d47480ab7a70af9
- SHA512
  
  ced0179d5ff54f3c12824872d85e3c4798471af9e1e24d38afed0f400cc1e044a9d8642ca27e0dab85094c932d95b529198aaf00bd75c8c68939f7d41c1a16ce
- SSDEEP
  
  3072:LTIOYS71IE6d4WfgJ+Og07Iw3S5GHVvANfuaZyIYlfxu/YWcShby:LkdS10dtfgrg0v33VoNfuaWfQYYby
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2