ab1849e3e1d1d6a4573a2812ac764dad1e3f35ca9b9cb4ee10703305fff3d523 | Triage

Sharing

General

Target

4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118
Size

371KB
Sample

240715-f4ae2azdrl
MD5

4866fc7e9ec5e1527931e54a98116a1c
SHA1

8f69166896157380565d7beea5bf6061e2ceb043
SHA256

ab1849e3e1d1d6a4573a2812ac764dad1e3f35ca9b9cb4ee10703305fff3d523
SHA512

19c1782e7438834e86ac2db68178a7fcd9b16f1ee33dfd717613624199a844c4a06bc34bc18aeeeb6f89a2e6c9c88536cc312c0b4dbcc6a77020d5e92575c743
SSDEEP

6144:nCuOCgRcak24bbOHAtBccV4CB8j7UIGMNx2D1lOLW+9qLycc1FcuajxJ:CuOCHak24Wgmc8j7Usv2Xx+9q+D1F+jL

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4866fc7e9ec5e1527931e54a98116a1c_JaffaCakes118
- Size
  
  371KB
- MD5
  
  4866fc7e9ec5e1527931e54a98116a1c
- SHA1
  
  8f69166896157380565d7beea5bf6061e2ceb043
- SHA256
  
  ab1849e3e1d1d6a4573a2812ac764dad1e3f35ca9b9cb4ee10703305fff3d523
- SHA512
  
  19c1782e7438834e86ac2db68178a7fcd9b16f1ee33dfd717613624199a844c4a06bc34bc18aeeeb6f89a2e6c9c88536cc312c0b4dbcc6a77020d5e92575c743
- SSDEEP
  
  6144:nCuOCgRcak24bbOHAtBccV4CB8j7UIGMNx2D1lOLW+9qLycc1FcuajxJ:CuOCHak24Wgmc8j7Usv2Xx+9q+D1F+jL
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2