c9e3b01ac3a42ec087ef7ef1ecc86188750571e581b44f2e958c92eceb4a9107 | Triage

Sharing

General

Target

095818a8f9275b0cf71a820b50a92a83_JaffaCakes118
Size

98KB
Sample

240624-szf38szara
MD5

095818a8f9275b0cf71a820b50a92a83
SHA1

248dfeb6891678138218b93a083e2ee22882f915
SHA256

c9e3b01ac3a42ec087ef7ef1ecc86188750571e581b44f2e958c92eceb4a9107
SHA512

fb186655365f01ecee50fe92a37451ce7cdc3c7c6d5731412a45e1217ebd1f2bc4574fa0ff4d082c0aff1b472bcf009e997d88e6168fbb18481a7230c8d46d84
SSDEEP

3072:4GpX2uxAIyNJYE8n4hKgqanNO1rPNLi5:4GptQJC4EgPnNGPNL

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  095818a8f9275b0cf71a820b50a92a83_JaffaCakes118
- Size
  
  98KB
- MD5
  
  095818a8f9275b0cf71a820b50a92a83
- SHA1
  
  248dfeb6891678138218b93a083e2ee22882f915
- SHA256
  
  c9e3b01ac3a42ec087ef7ef1ecc86188750571e581b44f2e958c92eceb4a9107
- SHA512
  
  fb186655365f01ecee50fe92a37451ce7cdc3c7c6d5731412a45e1217ebd1f2bc4574fa0ff4d082c0aff1b472bcf009e997d88e6168fbb18481a7230c8d46d84
- SSDEEP
  
  3072:4GpX2uxAIyNJYE8n4hKgqanNO1rPNLi5:4GptQJC4EgPnNGPNL
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2