b81e6b18c70b9e5e7359627dad5a7a8f8b0caef8a88382a7031c9fdfe1266a05 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02492dcb69bd6ac3e6d41ad235ba8b18_JaffaCakes118
Size

148KB
Sample

240620-dl7lpsvgqa
MD5

02492dcb69bd6ac3e6d41ad235ba8b18
SHA1

23b36ea44a337979610379415c18b3c6ac229597
SHA256

b81e6b18c70b9e5e7359627dad5a7a8f8b0caef8a88382a7031c9fdfe1266a05
SHA512

b3c484fd8f7371834e95014d9a15ea94eca7c3b7e2538ee7b894baefd329c97d6bb616dfe7a2f50609c3374c8e559d1619366f7e87e91370013c802cc4e26b1e
SSDEEP

3072:6k9+mDQJnGhJBb6uN1geO+PlyaRxxB+/xU7zlmifEamhVk:6vvcb6Y1ggHxP7wpFh

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  02492dcb69bd6ac3e6d41ad235ba8b18_JaffaCakes118
- Size
  
  148KB
- MD5
  
  02492dcb69bd6ac3e6d41ad235ba8b18
- SHA1
  
  23b36ea44a337979610379415c18b3c6ac229597
- SHA256
  
  b81e6b18c70b9e5e7359627dad5a7a8f8b0caef8a88382a7031c9fdfe1266a05
- SHA512
  
  b3c484fd8f7371834e95014d9a15ea94eca7c3b7e2538ee7b894baefd329c97d6bb616dfe7a2f50609c3374c8e559d1619366f7e87e91370013c802cc4e26b1e
- SSDEEP
  
  3072:6k9+mDQJnGhJBb6uN1geO+PlyaRxxB+/xU7zlmifEamhVk:6vvcb6Y1ggHxP7wpFh
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2