261788c2aaca7611db9410ea04786168a55b94e8a5e60f1724ab8c5fcef78c04 | Triage

Sharing

General

Target

280530f1a673e951ab6b6274241254eb_JaffaCakes118
Size

160KB
Sample

240706-k8k5jstdnq
MD5

280530f1a673e951ab6b6274241254eb
SHA1

4b7e4e9f55241ca9c09fd52a0864d00fb5207898
SHA256

261788c2aaca7611db9410ea04786168a55b94e8a5e60f1724ab8c5fcef78c04
SHA512

608f470d241b3843bec6cfea393ab7327ae02e99b19dafbd02780cc0abf6e7aac3fe83f9fadc5adf1394a8c6dedf020f61b0525af0d57ab6178e8124c3da485c
SSDEEP

3072:mw6Kodk8SW8OkrNrE4mzfODOGVoroBxdjk3OH9Jpsae:mXdkW8OkJrCDO6ABvk3M

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  280530f1a673e951ab6b6274241254eb_JaffaCakes118
- Size
  
  160KB
- MD5
  
  280530f1a673e951ab6b6274241254eb
- SHA1
  
  4b7e4e9f55241ca9c09fd52a0864d00fb5207898
- SHA256
  
  261788c2aaca7611db9410ea04786168a55b94e8a5e60f1724ab8c5fcef78c04
- SHA512
  
  608f470d241b3843bec6cfea393ab7327ae02e99b19dafbd02780cc0abf6e7aac3fe83f9fadc5adf1394a8c6dedf020f61b0525af0d57ab6178e8124c3da485c
- SSDEEP
  
  3072:mw6Kodk8SW8OkrNrE4mzfODOGVoroBxdjk3OH9Jpsae:mXdkW8OkJrCDO6ABvk3M
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2