42c292c32b7577b26201e3b54abaf26cbcb84f94750e8f4c32a070f86d88840b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2eb1835e50fb0ac8b2b4a654a758fd5e_JaffaCakes118
Size

486KB
Sample

240709-c16saathqc
MD5

2eb1835e50fb0ac8b2b4a654a758fd5e
SHA1

c67c4a7c851c327dc594ec51a4d703c7f335e242
SHA256

42c292c32b7577b26201e3b54abaf26cbcb84f94750e8f4c32a070f86d88840b
SHA512

84a609aa29ee4ea2537f5103baa653bd58675340903eddc46e88024a3d1d52a56c3d8a0bb1cbd35b08a7930598f02c6c9a2b1c4ae4e7ff8b84afbe033bcb2b82
SSDEEP

6144:TgWN9GUGUPuWb4zA9TSFem40nVl068HjeD9p/Q37wk1WUh44SmCldL3dK9NT4xO6:d9Dn8A9TSYm1HhBo7zIXzDdK9N

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2eb1835e50fb0ac8b2b4a654a758fd5e_JaffaCakes118
- Size
  
  486KB
- MD5
  
  2eb1835e50fb0ac8b2b4a654a758fd5e
- SHA1
  
  c67c4a7c851c327dc594ec51a4d703c7f335e242
- SHA256
  
  42c292c32b7577b26201e3b54abaf26cbcb84f94750e8f4c32a070f86d88840b
- SHA512
  
  84a609aa29ee4ea2537f5103baa653bd58675340903eddc46e88024a3d1d52a56c3d8a0bb1cbd35b08a7930598f02c6c9a2b1c4ae4e7ff8b84afbe033bcb2b82
- SSDEEP
  
  6144:TgWN9GUGUPuWb4zA9TSFem40nVl068HjeD9p/Q37wk1WUh44SmCldL3dK9NT4xO6:d9Dn8A9TSYm1HhBo7zIXzDdK9N
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2