f166d866170d2f40cb49b050b2e6de106f64e5f69e692a88526be4de6ac7d961 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a98501dd2461321dbbfec552c5a5b30_JaffaCakes118
Size

77KB
Sample

240719-fvsv1sxfjf
MD5

5a98501dd2461321dbbfec552c5a5b30
SHA1

57dafe716038f72ab4d8e91fc2b63e4c82549275
SHA256

f166d866170d2f40cb49b050b2e6de106f64e5f69e692a88526be4de6ac7d961
SHA512

08c2e1242a5c7d951ed1413c21aefd48b1f79bb8d26d28a7448ee55f862b3d91b9a209292f35a84ae0b44a0ff60e17aff47f0199b78b481766dd791ee5a5a184
SSDEEP

1536:dN1oaOEHIroxATZ+l+BGexbQIA+hmhT9eeDDO6A/:tbOlroxuZ+IEexbQX+6T4exA/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5a98501dd2461321dbbfec552c5a5b30_JaffaCakes118
- Size
  
  77KB
- MD5
  
  5a98501dd2461321dbbfec552c5a5b30
- SHA1
  
  57dafe716038f72ab4d8e91fc2b63e4c82549275
- SHA256
  
  f166d866170d2f40cb49b050b2e6de106f64e5f69e692a88526be4de6ac7d961
- SHA512
  
  08c2e1242a5c7d951ed1413c21aefd48b1f79bb8d26d28a7448ee55f862b3d91b9a209292f35a84ae0b44a0ff60e17aff47f0199b78b481766dd791ee5a5a184
- SSDEEP
  
  1536:dN1oaOEHIroxATZ+l+BGexbQIA+hmhT9eeDDO6A/:tbOlroxuZ+IEexbQX+6T4exA/
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2