b64e5578b24096c6592ee7fbba2661af69397d10fd65317a2cdd1e59fce39235 | Triage

Sharing

General

Target

5acef71913386b1797fac9c2a20b1586_JaffaCakes118
Size

68KB
Sample

240719-g7f8eswhkl
MD5

5acef71913386b1797fac9c2a20b1586
SHA1

ddee4ecd39971b4336e7689659c60230e2f58991
SHA256

b64e5578b24096c6592ee7fbba2661af69397d10fd65317a2cdd1e59fce39235
SHA512

8efba606622a297646f83219b186976a82e4c06a5de2ed455d28576dfa0ae04bcdee11a60027abf546fb4f622ec6d6a7302553116f26dcc914c9852f49fe09d7
SSDEEP

1536:dtq94r/A7amvIThkLZsRwYSpRPMwPgAa8n/6OVFrTP6m:FTwIu1sqzVPJNn/6O/f

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5acef71913386b1797fac9c2a20b1586_JaffaCakes118
- Size
  
  68KB
- MD5
  
  5acef71913386b1797fac9c2a20b1586
- SHA1
  
  ddee4ecd39971b4336e7689659c60230e2f58991
- SHA256
  
  b64e5578b24096c6592ee7fbba2661af69397d10fd65317a2cdd1e59fce39235
- SHA512
  
  8efba606622a297646f83219b186976a82e4c06a5de2ed455d28576dfa0ae04bcdee11a60027abf546fb4f622ec6d6a7302553116f26dcc914c9852f49fe09d7
- SSDEEP
  
  1536:dtq94r/A7amvIThkLZsRwYSpRPMwPgAa8n/6OVFrTP6m:FTwIu1sqzVPJNn/6O/f
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2