fe44eda3fc137b4f9249a86f1b81559c1da082201c8d04e89585fe9280db60c2 | Triage

Sharing

General

Target

61c44686b64d726a20d47d3a8e2bad1d_JaffaCakes118
Size

71KB
Sample

240721-21k81s1hlr
MD5

61c44686b64d726a20d47d3a8e2bad1d
SHA1

fd158fba45af70e35c8c38326be3babb06a78bad
SHA256

fe44eda3fc137b4f9249a86f1b81559c1da082201c8d04e89585fe9280db60c2
SHA512

30d40df67392decac5d5064b5f15a49bd96f76765f96b05d20d7429d2482e7bd6a5077f0f499dbce0e6ce3f73adcfd96fccd10e584cbc3994a203c49682434a0
SSDEEP

1536:NmUj2nT6t2Ux70Mnfj41GKyAFNhe2DtEtKPQBHe:NJ6T6tbxzfkYRI9yc

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  61c44686b64d726a20d47d3a8e2bad1d_JaffaCakes118
- Size
  
  71KB
- MD5
  
  61c44686b64d726a20d47d3a8e2bad1d
- SHA1
  
  fd158fba45af70e35c8c38326be3babb06a78bad
- SHA256
  
  fe44eda3fc137b4f9249a86f1b81559c1da082201c8d04e89585fe9280db60c2
- SHA512
  
  30d40df67392decac5d5064b5f15a49bd96f76765f96b05d20d7429d2482e7bd6a5077f0f499dbce0e6ce3f73adcfd96fccd10e584cbc3994a203c49682434a0
- SSDEEP
  
  1536:NmUj2nT6t2Ux70Mnfj41GKyAFNhe2DtEtKPQBHe:NJ6T6tbxzfkYRI9yc
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2