7a6ff237d89319963b9f4b15017b8e4cb07cd7bc8c48abe4b19da5f25abba01f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41bcfb1f463384d10ec7ceab45ff5b05_JaffaCakes118
Size

1.9MB
Sample

240713-p3dwha1eqp
MD5

41bcfb1f463384d10ec7ceab45ff5b05
SHA1

e5c9c3f6c8da784039044a30c1a9c328d01c5439
SHA256

7a6ff237d89319963b9f4b15017b8e4cb07cd7bc8c48abe4b19da5f25abba01f
SHA512

6b8bda525edabe0a735bcee7310ca87691ac66922ea618e4408f2d001bcdfd16ee09165ae64f37c97a0b8f9d8355a8537446ab1f1e000412e8a74f6d5dabdc19
SSDEEP

49152:xSjTZfp15enfjNxZiZzlvDhmCBWUhBNXClEKy:xSB81iZJFZBWyNpKy

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  41bcfb1f463384d10ec7ceab45ff5b05_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  41bcfb1f463384d10ec7ceab45ff5b05
- SHA1
  
  e5c9c3f6c8da784039044a30c1a9c328d01c5439
- SHA256
  
  7a6ff237d89319963b9f4b15017b8e4cb07cd7bc8c48abe4b19da5f25abba01f
- SHA512
  
  6b8bda525edabe0a735bcee7310ca87691ac66922ea618e4408f2d001bcdfd16ee09165ae64f37c97a0b8f9d8355a8537446ab1f1e000412e8a74f6d5dabdc19
- SSDEEP
  
  49152:xSjTZfp15enfjNxZiZzlvDhmCBWUhBNXClEKy:xSB81iZJFZBWyNpKy
Score

8^/10

persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2