36755ad2e2d73260f3cebd70aa55e6d9579ad1c855c4370eb9c10cd4fe404967 | Triage

Sharing

General

Target

5a23f1bf273620980f14915e8c2d62f0_JaffaCakes118
Size

24KB
Sample

240719-c7mb8asclg
MD5

5a23f1bf273620980f14915e8c2d62f0
SHA1

2482a33d4e60f9ca8143b477a05e3f2dd61c3f36
SHA256

36755ad2e2d73260f3cebd70aa55e6d9579ad1c855c4370eb9c10cd4fe404967
SHA512

405cd2bad6d8b57421277d06e4475cf09e07880e33803ee565ee45cf7ccb23dc32e3a55099d65ffc25fc8f1ec323a70aaeb5e593fdcbb12e9641f789d16c4f23
SSDEEP

768:YzO6Ih2gCllQ/9R1PS6j//uom+TdsGXGq:YzM2BURBSSbjTu7q

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5a23f1bf273620980f14915e8c2d62f0_JaffaCakes118
- Size
  
  24KB
- MD5
  
  5a23f1bf273620980f14915e8c2d62f0
- SHA1
  
  2482a33d4e60f9ca8143b477a05e3f2dd61c3f36
- SHA256
  
  36755ad2e2d73260f3cebd70aa55e6d9579ad1c855c4370eb9c10cd4fe404967
- SHA512
  
  405cd2bad6d8b57421277d06e4475cf09e07880e33803ee565ee45cf7ccb23dc32e3a55099d65ffc25fc8f1ec323a70aaeb5e593fdcbb12e9641f789d16c4f23
- SSDEEP
  
  768:YzO6Ih2gCllQ/9R1PS6j//uom+TdsGXGq:YzM2BURBSSbjTu7q
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2