be72468b4c52745c92edfeb0668423da6ff8313237eeb18668913ec7a479ebf0 | Triage

Sharing

General

Target

1885ac32164a3c3fb975282fd657af8b_JaffaCakes118
Size

33KB
Sample

240628-db6lnaxdnc
MD5

1885ac32164a3c3fb975282fd657af8b
SHA1

4fa06d53f0fb773eebfb57ec9ce59da866821daf
SHA256

be72468b4c52745c92edfeb0668423da6ff8313237eeb18668913ec7a479ebf0
SHA512

85a7b0f4a85f3e16bec4dc35bce6e289869445f705d817e25029d87998af6b2094fd28b28836990dc5582141cd4c4e50befa989487e243ddfcf3581eba1100ec
SSDEEP

384:Gr9MUfDopREmd3yghuQtmJuLnfGFpm4ZNPq53m6Cjyg/v1PwJA3d7i4C+zrZ1xV4:Kzf01JyrlJUf8pmD+G0gKxydcXFy/

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1885ac32164a3c3fb975282fd657af8b_JaffaCakes118
- Size
  
  33KB
- MD5
  
  1885ac32164a3c3fb975282fd657af8b
- SHA1
  
  4fa06d53f0fb773eebfb57ec9ce59da866821daf
- SHA256
  
  be72468b4c52745c92edfeb0668423da6ff8313237eeb18668913ec7a479ebf0
- SHA512
  
  85a7b0f4a85f3e16bec4dc35bce6e289869445f705d817e25029d87998af6b2094fd28b28836990dc5582141cd4c4e50befa989487e243ddfcf3581eba1100ec
- SSDEEP
  
  384:Gr9MUfDopREmd3yghuQtmJuLnfGFpm4ZNPq53m6Cjyg/v1PwJA3d7i4C+zrZ1xV4:Kzf01JyrlJUf8pmD+G0gKxydcXFy/
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2