d60db77657efe6a3dd701bf72bc16dfb56306bc1b0d508a549aca0d8f36338c1 | Triage

Sharing

General

Target

0b7c9f69a94b45d3ba41ec21747d5257_JaffaCakes118
Size

155KB
Sample

240625-anglhstbqk
MD5

0b7c9f69a94b45d3ba41ec21747d5257
SHA1

09f42eb50a34500f6cc3cde6a18dce0883707986
SHA256

d60db77657efe6a3dd701bf72bc16dfb56306bc1b0d508a549aca0d8f36338c1
SHA512

af3eadc5c49b43048ac9195f98001ded443463d337dade79e7ea90ca0623955aa1aed23b0f45e7964b7797cc63bf95aa31025930443ad2d87e8e7e2c891d6aa3
SSDEEP

3072:Nnj9jtfU+INndIc0JHmHkCAZfViVUdR2ckgAWTjlohOg6sZQGfPUMAlXzsl:NjbeinU3Cf34ck/WTjCkgvfgB

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0b7c9f69a94b45d3ba41ec21747d5257_JaffaCakes118
- Size
  
  155KB
- MD5
  
  0b7c9f69a94b45d3ba41ec21747d5257
- SHA1
  
  09f42eb50a34500f6cc3cde6a18dce0883707986
- SHA256
  
  d60db77657efe6a3dd701bf72bc16dfb56306bc1b0d508a549aca0d8f36338c1
- SHA512
  
  af3eadc5c49b43048ac9195f98001ded443463d337dade79e7ea90ca0623955aa1aed23b0f45e7964b7797cc63bf95aa31025930443ad2d87e8e7e2c891d6aa3
- SSDEEP
  
  3072:Nnj9jtfU+INndIc0JHmHkCAZfViVUdR2ckgAWTjlohOg6sZQGfPUMAlXzsl:NjbeinU3Cf34ck/WTjCkgvfgB
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2