880a9175ad477119a0a20c399f77f6585a5e48ac56ce528d652d350e3411c624 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8654ec820d417bc9d1083ad22c90041_JaffaCakes118
Size

389KB
Sample

240418-vf6kwsbb4x
MD5

f8654ec820d417bc9d1083ad22c90041
SHA1

ed4b14a0a55f97fa937b8f8b8618e99e52d953d3
SHA256

880a9175ad477119a0a20c399f77f6585a5e48ac56ce528d652d350e3411c624
SHA512

c6875b0d723e6188a1481007f756823fefa2b8e8f3a54f8870f74aca80c903df9a9973614d89b7d7796fed6921e6a064e6d2b4bab432fff265b210d0f6f2befc
SSDEEP

12288:usQO/b3k/ufkK5UcHS7hC98U7CJTZMpTbpM56Y:usF/bUuDmcHS3UrvpM5P

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f8654ec820d417bc9d1083ad22c90041_JaffaCakes118
- Size
  
  389KB
- MD5
  
  f8654ec820d417bc9d1083ad22c90041
- SHA1
  
  ed4b14a0a55f97fa937b8f8b8618e99e52d953d3
- SHA256
  
  880a9175ad477119a0a20c399f77f6585a5e48ac56ce528d652d350e3411c624
- SHA512
  
  c6875b0d723e6188a1481007f756823fefa2b8e8f3a54f8870f74aca80c903df9a9973614d89b7d7796fed6921e6a064e6d2b4bab432fff265b210d0f6f2befc
- SSDEEP
  
  12288:usQO/b3k/ufkK5UcHS7hC98U7CJTZMpTbpM56Y:usF/bUuDmcHS3UrvpM5P
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2