57b4124df68164799d76f23e15caa39ccf03d09dd232c9997a09a9490440322b | Triage

Sharing

General

Target

47c30c5ca4b2f571ca08a2f46abe5a02_JaffaCakes118
Size

82KB
Sample

240715-chldmavhrc
MD5

47c30c5ca4b2f571ca08a2f46abe5a02
SHA1

61fb17f5613db7c439f3cbcc27b5d9eb2e7fe54d
SHA256

57b4124df68164799d76f23e15caa39ccf03d09dd232c9997a09a9490440322b
SHA512

74eff30fa00c763817f76022f995035f027304a1e25601610e7f365b2ed60bbcf803870c373f086f2a5094c12ec37e702a5c355ea7e4126a179b53eeb1905755
SSDEEP

1536:UUHWkhI/q5CqltFcKM4Ed7HpRBjXTICNgD4B+COH8E60lk0GXkx:UUHWkhISDMBN/XTTBWH8D0ZGUx

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  47c30c5ca4b2f571ca08a2f46abe5a02_JaffaCakes118
- Size
  
  82KB
- MD5
  
  47c30c5ca4b2f571ca08a2f46abe5a02
- SHA1
  
  61fb17f5613db7c439f3cbcc27b5d9eb2e7fe54d
- SHA256
  
  57b4124df68164799d76f23e15caa39ccf03d09dd232c9997a09a9490440322b
- SHA512
  
  74eff30fa00c763817f76022f995035f027304a1e25601610e7f365b2ed60bbcf803870c373f086f2a5094c12ec37e702a5c355ea7e4126a179b53eeb1905755
- SSDEEP
  
  1536:UUHWkhI/q5CqltFcKM4Ed7HpRBjXTICNgD4B+COH8E60lk0GXkx:UUHWkhISDMBN/XTTBWH8D0ZGUx
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2