02a42d6a2652bb72a919bd658184f7860685e5e51aaddc69ea33014dd6c08079 | Triage

Sharing

General

Target

74aaa1fe9469b55432297e6cea88fb0d_JaffaCakes118
Size

3.6MB
Sample

240526-hp3t5sbe67
MD5

74aaa1fe9469b55432297e6cea88fb0d
SHA1

d9f92b7eafb2504bd88ed7f7f0a00ad7672ccceb
SHA256

02a42d6a2652bb72a919bd658184f7860685e5e51aaddc69ea33014dd6c08079
SHA512

270d91c12b0be9aa461db0011897624fbf4f3e70d0a5d3364d6907fbd8957cfc066440e979373d69f6b9dc24cd7f6e23dccc79c05feaaf79a1843629a8d69b60
SSDEEP

24576:m+qGZSp1/gD/9rfRgRK2Y2miP3lIv2RuvOyQTnXzZ4eqCOiya4/fWiiT/D9SAiZq:7MIDhRgZP36v2RtzZYa+ewJT5wRjEu

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  74aaa1fe9469b55432297e6cea88fb0d_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  74aaa1fe9469b55432297e6cea88fb0d
- SHA1
  
  d9f92b7eafb2504bd88ed7f7f0a00ad7672ccceb
- SHA256
  
  02a42d6a2652bb72a919bd658184f7860685e5e51aaddc69ea33014dd6c08079
- SHA512
  
  270d91c12b0be9aa461db0011897624fbf4f3e70d0a5d3364d6907fbd8957cfc066440e979373d69f6b9dc24cd7f6e23dccc79c05feaaf79a1843629a8d69b60
- SSDEEP
  
  24576:m+qGZSp1/gD/9rfRgRK2Y2miP3lIv2RuvOyQTnXzZ4eqCOiya4/fWiiT/D9SAiZq:7MIDhRgZP36v2RtzZYa+ewJT5wRjEu
Score

8^/10

execution persistence
- Creates new service(s)
  persistence execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

executionpersistence