e6f282a0d1fb2313d9810852224e5828b537f40455a7f2c13479f8be2394d97b | Triage

Sharing

General

Target

448ec9c38690ce618473fed0eb431280_JaffaCakes118
Size

73KB
Sample

240714-ghadksydmm
MD5

448ec9c38690ce618473fed0eb431280
SHA1

61038b25e848b28efe8bd5190711588b97446139
SHA256

e6f282a0d1fb2313d9810852224e5828b537f40455a7f2c13479f8be2394d97b
SHA512

1713a0d689deb4e2f6f7981c7819013736697e4411deb3cb1952fe938b92e1fe0c223f0835bf4013278339b8490a7378bb03ae89899631adfa68a8e70bd4b080
SSDEEP

1536:kkE2qsRSSkJ5oFq8Dm+Q3WAoxnrPgd+qJdQGWUFo7c:kkE2qsRSSkoHmmn7lqPr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  448ec9c38690ce618473fed0eb431280_JaffaCakes118
- Size
  
  73KB
- MD5
  
  448ec9c38690ce618473fed0eb431280
- SHA1
  
  61038b25e848b28efe8bd5190711588b97446139
- SHA256
  
  e6f282a0d1fb2313d9810852224e5828b537f40455a7f2c13479f8be2394d97b
- SHA512
  
  1713a0d689deb4e2f6f7981c7819013736697e4411deb3cb1952fe938b92e1fe0c223f0835bf4013278339b8490a7378bb03ae89899631adfa68a8e70bd4b080
- SSDEEP
  
  1536:kkE2qsRSSkJ5oFq8Dm+Q3WAoxnrPgd+qJdQGWUFo7c:kkE2qsRSSkoHmmn7lqPr
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2