4af138063b2bfe21982670ade5a685d6142d31fe1998d4aa63b3e8e17234112f | Triage

Sharing

General

Target

f4a6f692b6119c65fbf3d8166a75bbda_JaffaCakes118
Size

162KB
Sample

240417-aqdbwaaa6y
MD5

f4a6f692b6119c65fbf3d8166a75bbda
SHA1

358eb804ea2684570eb3c94216d91a4065d2fe65
SHA256

4af138063b2bfe21982670ade5a685d6142d31fe1998d4aa63b3e8e17234112f
SHA512

2a2ab08b8452d8e11a88b53b400721fc85d88eece439c227bfce0d4bc993b328975fa0ab0ae1958fe56f69d55f6af920efcf14f726cd201e8eac9f7094c95ad3
SSDEEP

3072:ghvf+yM1CY3Z7Zd7DO+gzqK380UOi2td4PonkdduoYFIEkckD:gh3+J1R77uq30JtdUonqduoexkck

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f4a6f692b6119c65fbf3d8166a75bbda_JaffaCakes118
- Size
  
  162KB
- MD5
  
  f4a6f692b6119c65fbf3d8166a75bbda
- SHA1
  
  358eb804ea2684570eb3c94216d91a4065d2fe65
- SHA256
  
  4af138063b2bfe21982670ade5a685d6142d31fe1998d4aa63b3e8e17234112f
- SHA512
  
  2a2ab08b8452d8e11a88b53b400721fc85d88eece439c227bfce0d4bc993b328975fa0ab0ae1958fe56f69d55f6af920efcf14f726cd201e8eac9f7094c95ad3
- SSDEEP
  
  3072:ghvf+yM1CY3Z7Zd7DO+gzqK380UOi2td4PonkdduoYFIEkckD:gh3+J1R77uq30JtdUonqduoexkck
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2