f799a6cfb79f9fde7c6689aff3ae41ac7cb0f51995ff6a5acd24db62df5a527a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65a8ebd2f8ecfd6c708f5ca10088916e_JaffaCakes118
Size

42KB
Sample

240723-b5lggazgqc
MD5

65a8ebd2f8ecfd6c708f5ca10088916e
SHA1

7d6ec83d2748033fadb6ce4d6217a94796a6fa31
SHA256

f799a6cfb79f9fde7c6689aff3ae41ac7cb0f51995ff6a5acd24db62df5a527a
SHA512

566ed17fe1c824627336e3a7629672a579b98f025bd0619aad48fe41f1611ec00d68c5a8df47217244a7c0ccf7f8d5e198407992beb52f924f309d576c13c6bb
SSDEEP

768:0i+GMBFeEFcsrYg9KJmZHB/w82KDWVeJ/ZIcHUeOmCe07GO:0i+GMBFpcqf9KwZHTyVeJZa

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  65a8ebd2f8ecfd6c708f5ca10088916e_JaffaCakes118
- Size
  
  42KB
- MD5
  
  65a8ebd2f8ecfd6c708f5ca10088916e
- SHA1
  
  7d6ec83d2748033fadb6ce4d6217a94796a6fa31
- SHA256
  
  f799a6cfb79f9fde7c6689aff3ae41ac7cb0f51995ff6a5acd24db62df5a527a
- SHA512
  
  566ed17fe1c824627336e3a7629672a579b98f025bd0619aad48fe41f1611ec00d68c5a8df47217244a7c0ccf7f8d5e198407992beb52f924f309d576c13c6bb
- SSDEEP
  
  768:0i+GMBFeEFcsrYg9KJmZHB/w82KDWVeJ/ZIcHUeOmCe07GO:0i+GMBFpcqf9KwZHTyVeJZa
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2