gh0strat | 5e59290501476efa906a62eb53257b33d1b0cea4e3894bc29888a689565b2ab4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62bc38e8bf677cb2674e7496c4abef13_JaffaCakes118
Size

181KB
Sample

240722-lr9x1s1gpk
MD5

62bc38e8bf677cb2674e7496c4abef13
SHA1

59f7f84fb27661442cb213a2110dfc941196befe
SHA256

5e59290501476efa906a62eb53257b33d1b0cea4e3894bc29888a689565b2ab4
SHA512

fac272bf85b5d47a4ad03893665a97e9a6d2e61bbea019d201870fa1b3bae90c737f3c9ddf82b718df71a50805169ecc4782d59e23f99bfb7b03ace62beddf5a
SSDEEP

3072:ALk395hYXJsDjSUxWbayCLef2s583SutridTtT+K0vkEllFwIYD9SICj4fm:AQqCjSlbfCCus58CupidTt/0MEllFw7C

Score

10^/10

gh0strat persistence

Malware Config

Targets

- Target
  
  62bc38e8bf677cb2674e7496c4abef13_JaffaCakes118
- Size
  
  181KB
- MD5
  
  62bc38e8bf677cb2674e7496c4abef13
- SHA1
  
  59f7f84fb27661442cb213a2110dfc941196befe
- SHA256
  
  5e59290501476efa906a62eb53257b33d1b0cea4e3894bc29888a689565b2ab4
- SHA512
  
  fac272bf85b5d47a4ad03893665a97e9a6d2e61bbea019d201870fa1b3bae90c737f3c9ddf82b718df71a50805169ecc4782d59e23f99bfb7b03ace62beddf5a
- SSDEEP
  
  3072:ALk395hYXJsDjSUxWbayCLef2s583SutridTtT+K0vkEllFwIYD9SICj4fm:AQqCjSlbfCCus58CupidTt/0MEllFw7C
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  201153135239.exe
- Size
  
  25.2MB
- MD5
  
  57f0f15ef829fa03fecf784d5c658bae
- SHA1
  
  1d86700c8c555df352c2922d02da686825525c00
- SHA256
  
  ddb52e15b7891d1aded1312934d2e6f620c08e1f0e0da77ab3b68343daef7560
- SHA512
  
  22fa2b29066c2a638f393cb2f99316f3786351c805a6bc3a41f2cc8b5ba681954167ba08cb4d5930fc8e5caf4c70ceadbfdd092e0511a568abb47466acbb526b
- SSDEEP
  
  3072:ALk395hYXJS1VNR0FtDZU4JPK76fcqIVw4Z8KZSrXC4VQipg2vub:AQqY30Fn9PdcqIVwE8Wxidub
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  20115313521.exe
- Size
  
  100.2MB
- MD5
  
  8c37a0a9621cae6781bfd3c408400682
- SHA1
  
  6768b9f64c2f95c51870b77a9679519b6fd12cd7
- SHA256
  
  d868c3d258b1deded5ac76ceccd859b3f7d088d1b2bc6e0b8db813aec30a460e
- SHA512
  
  e7331e9fc56ba2a30a7ee28093048d2e50143a9f6f7130d0fba18919df7e52bb67ce1cbc4f5a24950d65e0e57d404e421889240765c67815abcae46f7b8c9f44
- SSDEEP
  
  3072:CTeTY1km5WBqwP3fspQ/Xz7iasXHyC/hX6Axv3yUt7LEwNj8BPOI5s8DxOA:CiTtiWB0mL7teJ5Vp3yO5N4G74
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6