ffffe82884f58422e0ed7b3b6e5bb8fa89c596f20598a022acf53d8ce1609115 | Triage

Sharing

General

Target

23f6bcc0c3a0946047f2e36256c64ca8_JaffaCakes118
Size

68KB
Sample

240704-ahe6havgmd
MD5

23f6bcc0c3a0946047f2e36256c64ca8
SHA1

bac0a6dc201485d9935d786086f618fbdecb92df
SHA256

ffffe82884f58422e0ed7b3b6e5bb8fa89c596f20598a022acf53d8ce1609115
SHA512

e6eca3ccb158a303b4f30d1b3b09198e263dbc74b7de1c7ad2db95a2dcfc455fabd30c38c856baabe1eb80077d020f84a18ecb32cedc884a5e1aca1aebf8855a
SSDEEP

768:x0wRKh1v1TSQSu7xpproW6DLH2X196TjNXHoVCosvrWJGgK9cRU82:xBUpSgr+H2mTjN3uCt82

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  23f6bcc0c3a0946047f2e36256c64ca8_JaffaCakes118
- Size
  
  68KB
- MD5
  
  23f6bcc0c3a0946047f2e36256c64ca8
- SHA1
  
  bac0a6dc201485d9935d786086f618fbdecb92df
- SHA256
  
  ffffe82884f58422e0ed7b3b6e5bb8fa89c596f20598a022acf53d8ce1609115
- SHA512
  
  e6eca3ccb158a303b4f30d1b3b09198e263dbc74b7de1c7ad2db95a2dcfc455fabd30c38c856baabe1eb80077d020f84a18ecb32cedc884a5e1aca1aebf8855a
- SSDEEP
  
  768:x0wRKh1v1TSQSu7xpproW6DLH2X196TjNXHoVCosvrWJGgK9cRU82:xBUpSgr+H2mTjN3uCt82
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2