d2c191efb48178d2a6839a88d12aa06a2ac290e2e0205cf41ada5c30c977dde4 | Triage

Sharing

General

Target

16df3e18364b87c964faa0a3831a9139_JaffaCakes118
Size

614KB
Sample

240627-v2xvwasakh
MD5

16df3e18364b87c964faa0a3831a9139
SHA1

6aa62a43b4c155cfd559d8da772dfdeef81d5429
SHA256

d2c191efb48178d2a6839a88d12aa06a2ac290e2e0205cf41ada5c30c977dde4
SHA512

b6a8bb9b675b3d7230747cb242ab76bf753273f1c32293d2e69b02a0ded744c16666eee66c409693897d4fa93a1be9d581bb4d9f4b146abbdb9bcade7c4c9643
SSDEEP

12288:YaWz2Mg7v3qnCi8ErQohh0F4CCJ8lnyLQYn:PadMv6CYrjqnyLQ+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  16df3e18364b87c964faa0a3831a9139_JaffaCakes118
- Size
  
  614KB
- MD5
  
  16df3e18364b87c964faa0a3831a9139
- SHA1
  
  6aa62a43b4c155cfd559d8da772dfdeef81d5429
- SHA256
  
  d2c191efb48178d2a6839a88d12aa06a2ac290e2e0205cf41ada5c30c977dde4
- SHA512
  
  b6a8bb9b675b3d7230747cb242ab76bf753273f1c32293d2e69b02a0ded744c16666eee66c409693897d4fa93a1be9d581bb4d9f4b146abbdb9bcade7c4c9643
- SSDEEP
  
  12288:YaWz2Mg7v3qnCi8ErQohh0F4CCJ8lnyLQYn:PadMv6CYrjqnyLQ+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies system executable filetype association
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2