16313117f6c304fdd25596a7b9f935e07f00e3a16fb21d9e51cdb0fe1d5f1770 | Triage

Sharing

General

Target

4c5a94cd57912873e6b98bd64e054f6e_JaffaCakes118
Size

4.5MB
Sample

240716-ce42kasflc
MD5

4c5a94cd57912873e6b98bd64e054f6e
SHA1

190b463b8c6db95a461559fe26ed0abeb241405b
SHA256

16313117f6c304fdd25596a7b9f935e07f00e3a16fb21d9e51cdb0fe1d5f1770
SHA512

9c354445215431e1c92a8f1067aec086124fd5fd6c172e681f96113530f788384cc57fe9e44200513d72020b3b562c9441fcdf11a528eee5af8ef36cd665aea3
SSDEEP

98304:hdIjRlEydxB5atAVfytfGyASx6qdtv68u9W5HMMzXwnKsLUUvG2W:hSTEydxVuGybIqdi9WPzgnKs4U+2W

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4c5a94cd57912873e6b98bd64e054f6e_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  4c5a94cd57912873e6b98bd64e054f6e
- SHA1
  
  190b463b8c6db95a461559fe26ed0abeb241405b
- SHA256
  
  16313117f6c304fdd25596a7b9f935e07f00e3a16fb21d9e51cdb0fe1d5f1770
- SHA512
  
  9c354445215431e1c92a8f1067aec086124fd5fd6c172e681f96113530f788384cc57fe9e44200513d72020b3b562c9441fcdf11a528eee5af8ef36cd665aea3
- SSDEEP
  
  98304:hdIjRlEydxB5atAVfytfGyASx6qdtv68u9W5HMMzXwnKsLUUvG2W:hSTEydxVuGybIqdi9WPzgnKs4U+2W
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2