4e6d487b39b061bd167d08baa52fd76b4ddeb0dc75480ab1bfac7a0543ed9492 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

454f6d93aaedeff7ee7aea2bd6654ec2_JaffaCakes118
Size

64KB
Sample

240714-lv927ayang
MD5

454f6d93aaedeff7ee7aea2bd6654ec2
SHA1

40face4466ee2d39822f840c2b1b8b81f8c05565
SHA256

4e6d487b39b061bd167d08baa52fd76b4ddeb0dc75480ab1bfac7a0543ed9492
SHA512

7e43bcf4a66135f4c73acdbafe79fb892d10cd8095d271b05607e622bd9b03af0f78220f19b430ff83f582f820bd00bb084ca879a1a0c681ac61089c2716757d
SSDEEP

768:eaw8m85LiUyPkGImrtE6R4Ru5uJtlvcLOocUQh0juiH2LC670+p6YOQTqWyohf5D:et8f6E+15paoc7hTiWL17DoYQBoxZ

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  454f6d93aaedeff7ee7aea2bd6654ec2_JaffaCakes118
- Size
  
  64KB
- MD5
  
  454f6d93aaedeff7ee7aea2bd6654ec2
- SHA1
  
  40face4466ee2d39822f840c2b1b8b81f8c05565
- SHA256
  
  4e6d487b39b061bd167d08baa52fd76b4ddeb0dc75480ab1bfac7a0543ed9492
- SHA512
  
  7e43bcf4a66135f4c73acdbafe79fb892d10cd8095d271b05607e622bd9b03af0f78220f19b430ff83f582f820bd00bb084ca879a1a0c681ac61089c2716757d
- SSDEEP
  
  768:eaw8m85LiUyPkGImrtE6R4Ru5uJtlvcLOocUQh0juiH2LC670+p6YOQTqWyohf5D:et8f6E+15paoc7hTiWL17DoYQBoxZ
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2