3eb1fa611a131e1e7c0506c57ef43fd7462c028f0ab9b144c70998424d5a291f | Triage

Sharing

General

Target

0e9a2833e8048b51e6f787698ad97196_JaffaCakes118
Size

72KB
Sample

240502-qg2k4sbg54
MD5

0e9a2833e8048b51e6f787698ad97196
SHA1

9a2d7c551e6e748b89740009924b59c9152c5663
SHA256

3eb1fa611a131e1e7c0506c57ef43fd7462c028f0ab9b144c70998424d5a291f
SHA512

eed66f115e533c8292c91d28250ef9c2def93459c60572d55698a029b41fb6b28955a12f7d5a789b0b411a9daad9fdc738f8708ef7cf6b84bb22a563eff687aa
SSDEEP

1536:G+VW7uANjQ57NBtRhQxq5BSwgVyY02cMe1:P9tRtarVyYNS1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  0e9a2833e8048b51e6f787698ad97196_JaffaCakes118
- Size
  
  72KB
- MD5
  
  0e9a2833e8048b51e6f787698ad97196
- SHA1
  
  9a2d7c551e6e748b89740009924b59c9152c5663
- SHA256
  
  3eb1fa611a131e1e7c0506c57ef43fd7462c028f0ab9b144c70998424d5a291f
- SHA512
  
  eed66f115e533c8292c91d28250ef9c2def93459c60572d55698a029b41fb6b28955a12f7d5a789b0b411a9daad9fdc738f8708ef7cf6b84bb22a563eff687aa
- SSDEEP
  
  1536:G+VW7uANjQ57NBtRhQxq5BSwgVyY02cMe1:P9tRtarVyYNS1
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2