f62250be625fa9c7ba1d7f31cf3f4e2f723a8c32a056a6eeef8f15360619e4b2 | Triage

Sharing

General

Target

34c6c16ff04a6e3f21258e591aa36b1d_JaffaCakes118
Size

217KB
Sample

240710-pyz8yaydpk
MD5

34c6c16ff04a6e3f21258e591aa36b1d
SHA1

666e6c5f30c76891ec02e5616a3dc53c30ccfd30
SHA256

f62250be625fa9c7ba1d7f31cf3f4e2f723a8c32a056a6eeef8f15360619e4b2
SHA512

fdb7446a96c67a366271f0154aad2c9a7c1eb901f583f92c643bb5c5823bcdfe02c8c4a84d66ee0941a83a6968d66faf041b163f58f90818a677d5cf159bacb3
SSDEEP

3072:1gRYSzZ+518CpxoPL7nYqQ8Xx0BpFJti4VPCr3WHYvGE8a0A+te:6/vCp6TrYqQ8XOBpzbYgYX8a0E

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  34c6c16ff04a6e3f21258e591aa36b1d_JaffaCakes118
- Size
  
  217KB
- MD5
  
  34c6c16ff04a6e3f21258e591aa36b1d
- SHA1
  
  666e6c5f30c76891ec02e5616a3dc53c30ccfd30
- SHA256
  
  f62250be625fa9c7ba1d7f31cf3f4e2f723a8c32a056a6eeef8f15360619e4b2
- SHA512
  
  fdb7446a96c67a366271f0154aad2c9a7c1eb901f583f92c643bb5c5823bcdfe02c8c4a84d66ee0941a83a6968d66faf041b163f58f90818a677d5cf159bacb3
- SSDEEP
  
  3072:1gRYSzZ+518CpxoPL7nYqQ8Xx0BpFJti4VPCr3WHYvGE8a0A+te:6/vCp6TrYqQ8XOBpzbYgYX8a0E
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2