53b455a8356fd1a2c923fe6363632ff04ad38584bc9f56bfad5507c93620fd7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16a023bb5f5470831a517848103ba899_JaffaCakes118
Size

20KB
Sample

240627-tgwlmsyflg
MD5

16a023bb5f5470831a517848103ba899
SHA1

5bd65d535ec77f201505dc7caa9a21d92c52aa86
SHA256

53b455a8356fd1a2c923fe6363632ff04ad38584bc9f56bfad5507c93620fd7f
SHA512

a6f9bb037e0f611ff17eb254ea29ffd55747dfa18b8bd9002a5d2d46a0945df03055f6a08a5fdee297d6eb5086be7a45d6df0a131c4839ef5625d472f6ca3e4e
SSDEEP

384:pWCfFWMVblgGadiqzk5Xj+5o3vHOgNdjBAns01fKs6yeNluEIIDzTWr4V:NRFlFPqzYsWvHOgdS2r7IIDzTWr4V

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  16a023bb5f5470831a517848103ba899_JaffaCakes118
- Size
  
  20KB
- MD5
  
  16a023bb5f5470831a517848103ba899
- SHA1
  
  5bd65d535ec77f201505dc7caa9a21d92c52aa86
- SHA256
  
  53b455a8356fd1a2c923fe6363632ff04ad38584bc9f56bfad5507c93620fd7f
- SHA512
  
  a6f9bb037e0f611ff17eb254ea29ffd55747dfa18b8bd9002a5d2d46a0945df03055f6a08a5fdee297d6eb5086be7a45d6df0a131c4839ef5625d472f6ca3e4e
- SSDEEP
  
  384:pWCfFWMVblgGadiqzk5Xj+5o3vHOgNdjBAns01fKs6yeNluEIIDzTWr4V:NRFlFPqzYsWvHOgdS2r7IIDzTWr4V
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2