81c24667c1db55cb1c7a31e8329fec0793568c5daf335b7b978ca3a281c704c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61b235bab776701070e80c94e7ac2ee7_JaffaCakes118
Size

110KB
Sample

240721-2lknyaybmh
MD5

61b235bab776701070e80c94e7ac2ee7
SHA1

3629163512aa769fae01b73df5347d27aa36292a
SHA256

81c24667c1db55cb1c7a31e8329fec0793568c5daf335b7b978ca3a281c704c5
SHA512

332d1bb54c792c7d65b5c84acd394ff20867a9883a29ec8e51738560866cf6259b7678b1649166ef20ae4773a01f6c1fdd334175cd4bba1e5b35190f982cc346
SSDEEP

3072:mfM/TolHqZeRR0FeaA66sh1vKtnIOHTw0/C:mf8MHqgj3h6K28bC

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  61b235bab776701070e80c94e7ac2ee7_JaffaCakes118
- Size
  
  110KB
- MD5
  
  61b235bab776701070e80c94e7ac2ee7
- SHA1
  
  3629163512aa769fae01b73df5347d27aa36292a
- SHA256
  
  81c24667c1db55cb1c7a31e8329fec0793568c5daf335b7b978ca3a281c704c5
- SHA512
  
  332d1bb54c792c7d65b5c84acd394ff20867a9883a29ec8e51738560866cf6259b7678b1649166ef20ae4773a01f6c1fdd334175cd4bba1e5b35190f982cc346
- SSDEEP
  
  3072:mfM/TolHqZeRR0FeaA66sh1vKtnIOHTw0/C:mf8MHqgj3h6K28bC
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2