9fdf79fe36d4f7dbb756f61e804c5dab072d1bbc8d88511ceb0e1c7d7df37da2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f3f19af453972bd14aeea8cb7a26c1e_JaffaCakes118
Size

58KB
Sample

240725-mr23vaxbkd
MD5

6f3f19af453972bd14aeea8cb7a26c1e
SHA1

6fe0bbb93ea28a992b3b6a2355a4b408f1477b6b
SHA256

9fdf79fe36d4f7dbb756f61e804c5dab072d1bbc8d88511ceb0e1c7d7df37da2
SHA512

fef9b762969228d3249b88b6ecfbf7f29cc75c5627198b4c288200bf5ce4cc456b6dc5a413b96facb4fa80ba46260c38c02329c75a31f04c6d6e1a19104cdb5a
SSDEEP

1536:V/5NWWV97qCIJMJ/SlQoxKaV1+ZBZhstEgevwgM:hDxqCc+++zst4w3

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  6f3f19af453972bd14aeea8cb7a26c1e_JaffaCakes118
- Size
  
  58KB
- MD5
  
  6f3f19af453972bd14aeea8cb7a26c1e
- SHA1
  
  6fe0bbb93ea28a992b3b6a2355a4b408f1477b6b
- SHA256
  
  9fdf79fe36d4f7dbb756f61e804c5dab072d1bbc8d88511ceb0e1c7d7df37da2
- SHA512
  
  fef9b762969228d3249b88b6ecfbf7f29cc75c5627198b4c288200bf5ce4cc456b6dc5a413b96facb4fa80ba46260c38c02329c75a31f04c6d6e1a19104cdb5a
- SSDEEP
  
  1536:V/5NWWV97qCIJMJ/SlQoxKaV1+ZBZhstEgevwgM:hDxqCc+++zst4w3
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence