9a416d5bf4b952c86a75dffb498ee31ff0e0a7ac9cf91af8ca7fdea44323f4bd | Triage

Sharing

General

Target

381b4d709ba547d3a6771aef0d0f1bfb_JaffaCakes118
Size

706KB
Sample

240711-hmfxlathjl
MD5

381b4d709ba547d3a6771aef0d0f1bfb
SHA1

cf6a0432f24349883b3f0a6da7382f19d6abebc5
SHA256

9a416d5bf4b952c86a75dffb498ee31ff0e0a7ac9cf91af8ca7fdea44323f4bd
SHA512

bbb1a66d87ca25f5aa5230c2cf7b5b43163dea36f16d761dfa7dbffcd402793ea3b9febd87ea1c3b2aa58ac165d10dff7c6a9f0dd412a29f74adc41439c8b5e3
SSDEEP

12288:XdbQIwxmjZew99ENoOLaJpL7MJX32/1SPpSLqx9QkScLdR1pi0:94Mew99ENoGaJpLqXoc8q7mmzV

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  381b4d709ba547d3a6771aef0d0f1bfb_JaffaCakes118
- Size
  
  706KB
- MD5
  
  381b4d709ba547d3a6771aef0d0f1bfb
- SHA1
  
  cf6a0432f24349883b3f0a6da7382f19d6abebc5
- SHA256
  
  9a416d5bf4b952c86a75dffb498ee31ff0e0a7ac9cf91af8ca7fdea44323f4bd
- SHA512
  
  bbb1a66d87ca25f5aa5230c2cf7b5b43163dea36f16d761dfa7dbffcd402793ea3b9febd87ea1c3b2aa58ac165d10dff7c6a9f0dd412a29f74adc41439c8b5e3
- SSDEEP
  
  12288:XdbQIwxmjZew99ENoOLaJpL7MJX32/1SPpSLqx9QkScLdR1pi0:94Mew99ENoGaJpLqXoc8q7mmzV
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2