849a4be9e804c29b4a6159e5418b67de540acd89b2bd1b6a0f3c34224be427e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dce85ae9d8f764f717db7d52030a79d_JaffaCakes118
Size

477KB
Sample

240719-1pnz4a1glj
MD5

5dce85ae9d8f764f717db7d52030a79d
SHA1

b43951fa35b17c1797dc670b7e1fc6df1195de2a
SHA256

849a4be9e804c29b4a6159e5418b67de540acd89b2bd1b6a0f3c34224be427e2
SHA512

6de14842741f3e4bf1dea051ecfeb4ed94f08ed7a05112661dd0b1908da17ae3845bc929d8d864554e3bb2ed8d90417d166d41d30cafc685119fff5c1710e11f
SSDEEP

12288:TNodBiTI+TpPA6EZO7KUQRZ66z24VZbdrpgrXN2LWzmidN:ZoPD+TpP3vKU6Z66z24VZbFpgJ2LWzm+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  5dce85ae9d8f764f717db7d52030a79d_JaffaCakes118
- Size
  
  477KB
- MD5
  
  5dce85ae9d8f764f717db7d52030a79d
- SHA1
  
  b43951fa35b17c1797dc670b7e1fc6df1195de2a
- SHA256
  
  849a4be9e804c29b4a6159e5418b67de540acd89b2bd1b6a0f3c34224be427e2
- SHA512
  
  6de14842741f3e4bf1dea051ecfeb4ed94f08ed7a05112661dd0b1908da17ae3845bc929d8d864554e3bb2ed8d90417d166d41d30cafc685119fff5c1710e11f
- SSDEEP
  
  12288:TNodBiTI+TpPA6EZO7KUQRZ66z24VZbdrpgrXN2LWzmidN:ZoPD+TpP3vKU6Z66z24VZbFpgJ2LWzm+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2