2ebcc002e85c9594c1b06c496e824866089161477fe1c73f38ec3cbe88359906 | Triage

Sharing

General

Target

6f5ca5d824eed35080cf4c7769f847ff_JaffaCakes118
Size

258KB
Sample

240725-ngp6zayfjd
MD5

6f5ca5d824eed35080cf4c7769f847ff
SHA1

3bec3ed77a41453067b84a3ca7b4d71f5936a9de
SHA256

2ebcc002e85c9594c1b06c496e824866089161477fe1c73f38ec3cbe88359906
SHA512

ceb4a27482d2eaac4f6c3be474a89b993e409e2966ac51220976a7a97b085ad5770b59e000cc51235382e5a48e585417770475ddf5372da61896fa062f0e39ae
SSDEEP

6144:FucJpYeWHw9kzUTYnlSMfosaJb70nF+R3oPuTgjKuQ3:Fuc339ifuJ0nFPzQ3

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  6f5ca5d824eed35080cf4c7769f847ff_JaffaCakes118
- Size
  
  258KB
- MD5
  
  6f5ca5d824eed35080cf4c7769f847ff
- SHA1
  
  3bec3ed77a41453067b84a3ca7b4d71f5936a9de
- SHA256
  
  2ebcc002e85c9594c1b06c496e824866089161477fe1c73f38ec3cbe88359906
- SHA512
  
  ceb4a27482d2eaac4f6c3be474a89b993e409e2966ac51220976a7a97b085ad5770b59e000cc51235382e5a48e585417770475ddf5372da61896fa062f0e39ae
- SSDEEP
  
  6144:FucJpYeWHw9kzUTYnlSMfosaJb70nF+R3oPuTgjKuQ3:Fuc339ifuJ0nFPzQ3
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence