da4bf75fe96a8178c5bef254592fda6804f82ff0270184bd6b00254b5437d175 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01ea05724cfb052701ba27f6bd0a0e9e_JaffaCakes118
Size

110KB
Sample

240620-cjmcbaxcqr
MD5

01ea05724cfb052701ba27f6bd0a0e9e
SHA1

13411ac1a2d55d6047f96fd0037783dc7e2f553d
SHA256

da4bf75fe96a8178c5bef254592fda6804f82ff0270184bd6b00254b5437d175
SHA512

ca73efa08ff17c823f939042405b79df201b0ae0c6f24d1cb7d6286855852e1247b3e219aa807b8f0891af4f975e6932e752567e40d77e7cad0020615735d628
SSDEEP

1536:UbV1iOPcJqALHOHyv1ovOcDQob70GFOujzvTdxa3a+6Pi8FzU+PCQ:UbDPcJqALyzGIQS7GQz7dxa3Z6q/i

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  01ea05724cfb052701ba27f6bd0a0e9e_JaffaCakes118
- Size
  
  110KB
- MD5
  
  01ea05724cfb052701ba27f6bd0a0e9e
- SHA1
  
  13411ac1a2d55d6047f96fd0037783dc7e2f553d
- SHA256
  
  da4bf75fe96a8178c5bef254592fda6804f82ff0270184bd6b00254b5437d175
- SHA512
  
  ca73efa08ff17c823f939042405b79df201b0ae0c6f24d1cb7d6286855852e1247b3e219aa807b8f0891af4f975e6932e752567e40d77e7cad0020615735d628
- SSDEEP
  
  1536:UbV1iOPcJqALHOHyv1ovOcDQob70GFOujzvTdxa3a+6Pi8FzU+PCQ:UbDPcJqALyzGIQS7GQz7dxa3Z6q/i
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2