2d027c212df0e6ed79e6ba61bee72abc855308b14189a2c48c7cc1f2c1964381 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3294eed3b9b1505d9c8e37ae990f6ddf_JaffaCakes118
Size

614KB
Sample

240710-anqt7avdkn
MD5

3294eed3b9b1505d9c8e37ae990f6ddf
SHA1

65d988638bf65b273f99f603d2beac3cf2270032
SHA256

2d027c212df0e6ed79e6ba61bee72abc855308b14189a2c48c7cc1f2c1964381
SHA512

fb45bdddb77fd4e47249282008aa35b1f1411f5d4b60dbc112a27a962448fa553c6db8545b9ec913a387d86faab81bf023d8ba48f4dd08f6b57d9cafd1fb108a
SSDEEP

12288:oaWz2Mg7v3qnCi8ErQohh0F4CCJ8lnyLQYn:/adMv6CYrjqnyLQ+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3294eed3b9b1505d9c8e37ae990f6ddf_JaffaCakes118
- Size
  
  614KB
- MD5
  
  3294eed3b9b1505d9c8e37ae990f6ddf
- SHA1
  
  65d988638bf65b273f99f603d2beac3cf2270032
- SHA256
  
  2d027c212df0e6ed79e6ba61bee72abc855308b14189a2c48c7cc1f2c1964381
- SHA512
  
  fb45bdddb77fd4e47249282008aa35b1f1411f5d4b60dbc112a27a962448fa553c6db8545b9ec913a387d86faab81bf023d8ba48f4dd08f6b57d9cafd1fb108a
- SSDEEP
  
  12288:oaWz2Mg7v3qnCi8ErQohh0F4CCJ8lnyLQYn:/adMv6CYrjqnyLQ+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies system executable filetype association
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2