066d5fc6656df32e52e8d6283a758a2897b0d51d48491f44ee24c268d0179980 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4531da6de9e2917e50bc0faa630f904c_JaffaCakes118
Size

106KB
Sample

240714-k71hvaxbld
MD5

4531da6de9e2917e50bc0faa630f904c
SHA1

201474f26ff098d47c0dc4104027f9305198e715
SHA256

066d5fc6656df32e52e8d6283a758a2897b0d51d48491f44ee24c268d0179980
SHA512

d5fe9ba174a5df2fe7e59c7af925b6f5249eb4abe9a7750273fa2d6778df5021d5ccfb8f4ad714f6b64f8d49344b7689fd95549f499dd81134627d3d02ab4c85
SSDEEP

3072:VrA/z/VJJDv3n8KzxkBSY3ZXy3Ah6T4ox:VrAJJ5v3n3zeBSY3ZCpTzx

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4531da6de9e2917e50bc0faa630f904c_JaffaCakes118
- Size
  
  106KB
- MD5
  
  4531da6de9e2917e50bc0faa630f904c
- SHA1
  
  201474f26ff098d47c0dc4104027f9305198e715
- SHA256
  
  066d5fc6656df32e52e8d6283a758a2897b0d51d48491f44ee24c268d0179980
- SHA512
  
  d5fe9ba174a5df2fe7e59c7af925b6f5249eb4abe9a7750273fa2d6778df5021d5ccfb8f4ad714f6b64f8d49344b7689fd95549f499dd81134627d3d02ab4c85
- SSDEEP
  
  3072:VrA/z/VJJDv3n8KzxkBSY3ZXy3Ah6T4ox:VrAJJ5v3n3zeBSY3ZCpTzx
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2