3c8e27839fdb996fb19bec6e9ea1e811b18325c900e3e54aef49b372e431e04a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cb3891ed44b490fbf70749d9bc64054_JaffaCakes118
Size

1.3MB
Sample

240719-ts5zfstame
MD5

5cb3891ed44b490fbf70749d9bc64054
SHA1

6d812012b11befd895e5dc3f940f0c74d5b32f94
SHA256

3c8e27839fdb996fb19bec6e9ea1e811b18325c900e3e54aef49b372e431e04a
SHA512

2b6d33ccd02c002a267b7fdb8aba3680a8f3643231ef7e965ad307bdfd59557ce15cc136dae63511892a19ba53dcaadff0941e64064c10a0ebe098c078b7a1e5
SSDEEP

24576:7bY8FhHqHGruiiNI888kpdG42kCj62b0IBq3uDiB98pP:vJYHcAIggKkCjFgL+e8pP

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5cb3891ed44b490fbf70749d9bc64054_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5cb3891ed44b490fbf70749d9bc64054
- SHA1
  
  6d812012b11befd895e5dc3f940f0c74d5b32f94
- SHA256
  
  3c8e27839fdb996fb19bec6e9ea1e811b18325c900e3e54aef49b372e431e04a
- SHA512
  
  2b6d33ccd02c002a267b7fdb8aba3680a8f3643231ef7e965ad307bdfd59557ce15cc136dae63511892a19ba53dcaadff0941e64064c10a0ebe098c078b7a1e5
- SSDEEP
  
  24576:7bY8FhHqHGruiiNI888kpdG42kCj62b0IBq3uDiB98pP:vJYHcAIggKkCjFgL+e8pP
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2