a423193c571a7726f20bcd42e9c9658cbaaf36237ecbfb8b70ca00f2aea4d65d | Triage

Sharing

General

Target

f8a154521bd546c4a2e9704f63def716_JaffaCakes118
Size

10KB
Sample

240418-ydm8bada59
MD5

f8a154521bd546c4a2e9704f63def716
SHA1

89c24d1f3043b5891a494b0e8b3f422642b0ac7e
SHA256

a423193c571a7726f20bcd42e9c9658cbaaf36237ecbfb8b70ca00f2aea4d65d
SHA512

d308a0b06695a1f0c92c1424bd5fa83dac8b242d2a8feced95607301f8cd73d4f75c2828ee61b97f7327a76a116ddd65b7d112efe622425e8f7ae70eed8400a7
SSDEEP

192:m8sc7GOuYqBAo+0Q2kn+AhoXUgzaUGJDqhEGk5NLpoBYswx58b0UHW:m8f7GOuZljkn+A+aJDWEGUpsM5JYW

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f8a154521bd546c4a2e9704f63def716_JaffaCakes118
- Size
  
  10KB
- MD5
  
  f8a154521bd546c4a2e9704f63def716
- SHA1
  
  89c24d1f3043b5891a494b0e8b3f422642b0ac7e
- SHA256
  
  a423193c571a7726f20bcd42e9c9658cbaaf36237ecbfb8b70ca00f2aea4d65d
- SHA512
  
  d308a0b06695a1f0c92c1424bd5fa83dac8b242d2a8feced95607301f8cd73d4f75c2828ee61b97f7327a76a116ddd65b7d112efe622425e8f7ae70eed8400a7
- SSDEEP
  
  192:m8sc7GOuYqBAo+0Q2kn+AhoXUgzaUGJDqhEGk5NLpoBYswx58b0UHW:m8f7GOuZljkn+A+aJDWEGUpsM5JYW
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2