aac36f2fcf4045de2be68840fef307796e6eca6d3bbb361142b884d5149f4567 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0411b15eabbb416000e00bd964e8d7e0_JaffaCakes118
Size

1.8MB
Sample

240428-bsfqfsch82
MD5

0411b15eabbb416000e00bd964e8d7e0
SHA1

f039f48abbcfc68da66d7024a521c392df1136f9
SHA256

aac36f2fcf4045de2be68840fef307796e6eca6d3bbb361142b884d5149f4567
SHA512

67589e3999d7e3fd94367693ff7c2eb6b03c30f8c94b1e9cfbd2ae9f5ab7e8798b38bb7933d0bd119cdba2d1700277e28053f23dd81fe7d9fd3d6deb3a70d85e
SSDEEP

49152:TFmPI7nY4trwcOUfORqEEAWoihzdZ0ZJ73d8RCuz:geY4traB5fWoihL7Rp

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  AcroRd32Top.exe
- Size
  
  2.2MB
- MD5
  
  fc33204ba896aca45f1ceb8346c7de86
- SHA1
  
  a9e56d4891b86b8316c7dcb91fbe01b3368ee81a
- SHA256
  
  abf1af96086d34464b95eec2a4cfd43a4ad262f9cf673952b19466fb73856f7f
- SHA512
  
  65683b71b8cab7898d519501ad2786cd214bbbcead1ac20e80b2e9a03e37edd72b0c728fc789c639d75a1f96b4acc307ca1586d6510774a9cc6a9a0b929b9aa8
- SSDEEP
  
  49152:nLjHk2wuWMo8jetuv1umVsdyUqZ1FfWcoJLR2RF:XkOxdsdUOcalyF
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2