2532eb60aa8a5c4ca4384d626912ab2a0461e545d3af08b62a18a9e205a25db4 | Triage

Sharing

General

Target

f670286a8e62d76f5d59bd304da8ac89_JaffaCakes118
Size

88KB
Sample

240417-xgyyjsaf68
MD5

f670286a8e62d76f5d59bd304da8ac89
SHA1

c94055977f0ff503d684b0bf430acb1d614ab458
SHA256

2532eb60aa8a5c4ca4384d626912ab2a0461e545d3af08b62a18a9e205a25db4
SHA512

b652f1f5ecd6668d0ee6930ff9f56677e71affe95597a5f9e3b85a96516a8a2fb16baa42bfd69bc13daef7d9ba34c05a69b229cf8c6c2775ad11d85d4e923fc2
SSDEEP

1536:mREDXYSR8y57Oq5P2LqkhMbtzw2TIC/VVjAMIG82Gsbldc6nY6w4Sgj:wEDXYSRFIqyqkhMbtzhTIMVyd4GsLYbO

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f670286a8e62d76f5d59bd304da8ac89_JaffaCakes118
- Size
  
  88KB
- MD5
  
  f670286a8e62d76f5d59bd304da8ac89
- SHA1
  
  c94055977f0ff503d684b0bf430acb1d614ab458
- SHA256
  
  2532eb60aa8a5c4ca4384d626912ab2a0461e545d3af08b62a18a9e205a25db4
- SHA512
  
  b652f1f5ecd6668d0ee6930ff9f56677e71affe95597a5f9e3b85a96516a8a2fb16baa42bfd69bc13daef7d9ba34c05a69b229cf8c6c2775ad11d85d4e923fc2
- SSDEEP
  
  1536:mREDXYSR8y57Oq5P2LqkhMbtzw2TIC/VVjAMIG82Gsbldc6nY6w4Sgj:wEDXYSRFIqyqkhMbtzhTIMVyd4GsLYbO
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2