4a8824bedd58f5cae6131e760422d5deada7cd4d943f25e6f8a8a8d64bbe0440 | Triage

Sharing

General

Target

2b781ae21625a267e9d16a69ea1221cb_JaffaCakes118
Size

104KB
Sample

240708-janbks1bme
MD5

2b781ae21625a267e9d16a69ea1221cb
SHA1

e51a8698f7bb779a40729770b832bffbb58bcbb1
SHA256

4a8824bedd58f5cae6131e760422d5deada7cd4d943f25e6f8a8a8d64bbe0440
SHA512

e197266507a0027a0f0594a5c3ba67b58420387617765d243e115b9b244c7c9c53c32845716cb1be1cd8961a1bbdcf25beaac63f604ff6d206f2e04001be7d5d
SSDEEP

1536:0XNjGZXX7tYdHF7Z0gWm7BQ6kHjdBSLOI6rFrrVU7Atih7fVlOq5yPENUps2S:WSJYdHz7CXHjiLUFM8o6q5n6s5

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2b781ae21625a267e9d16a69ea1221cb_JaffaCakes118
- Size
  
  104KB
- MD5
  
  2b781ae21625a267e9d16a69ea1221cb
- SHA1
  
  e51a8698f7bb779a40729770b832bffbb58bcbb1
- SHA256
  
  4a8824bedd58f5cae6131e760422d5deada7cd4d943f25e6f8a8a8d64bbe0440
- SHA512
  
  e197266507a0027a0f0594a5c3ba67b58420387617765d243e115b9b244c7c9c53c32845716cb1be1cd8961a1bbdcf25beaac63f604ff6d206f2e04001be7d5d
- SSDEEP
  
  1536:0XNjGZXX7tYdHF7Z0gWm7BQ6kHjdBSLOI6rFrrVU7Atih7fVlOq5yPENUps2S:WSJYdHz7CXHjiLUFM8o6q5n6s5
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2