4e4eb36ffc85d36e3b6a5e820e20157e575bc4f2d9790b58ec4c614954cf9bea | Triage

Sharing

General

Target

f560bd10a1d8dce1a0c65d3c4ca728ea_JaffaCakes118
Size

351KB
Sample

240417-z5a8haec89
MD5

f560bd10a1d8dce1a0c65d3c4ca728ea
SHA1

9521377f6df44705e0732759967d97c24d2936c5
SHA256

4e4eb36ffc85d36e3b6a5e820e20157e575bc4f2d9790b58ec4c614954cf9bea
SHA512

375cd11eb9a05d69d5791f9479cf556cf208ee64b1514c50602f65b79f023ea4bba1111110007b36115ddb5282c63375f4e5cd07e82ee239b1430aafe5df206e
SSDEEP

6144:tAFm5ovkVwJTBwKqRH18Ro29Rdm/ItQ6Xpgq/LsfO4qeT:6Fm5o8wJd9QonRg/IC6Xpf+p

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f560bd10a1d8dce1a0c65d3c4ca728ea_JaffaCakes118
- Size
  
  351KB
- MD5
  
  f560bd10a1d8dce1a0c65d3c4ca728ea
- SHA1
  
  9521377f6df44705e0732759967d97c24d2936c5
- SHA256
  
  4e4eb36ffc85d36e3b6a5e820e20157e575bc4f2d9790b58ec4c614954cf9bea
- SHA512
  
  375cd11eb9a05d69d5791f9479cf556cf208ee64b1514c50602f65b79f023ea4bba1111110007b36115ddb5282c63375f4e5cd07e82ee239b1430aafe5df206e
- SSDEEP
  
  6144:tAFm5ovkVwJTBwKqRH18Ro29Rdm/ItQ6Xpgq/LsfO4qeT:6Fm5o8wJd9QonRg/IC6Xpf+p
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2