eee35028038d859e71c73315248c3d10a31595fcfc4262ac760565f562eb511f | Triage

Sharing

General

Target

6fb79ba3947c66a22fe871aa78ddee3d_JaffaCakes118
Size

36KB
Sample

240725-qf4dbazgqm
MD5

6fb79ba3947c66a22fe871aa78ddee3d
SHA1

67a1926f167f759084f9f2542f9eaaee42e1887c
SHA256

eee35028038d859e71c73315248c3d10a31595fcfc4262ac760565f562eb511f
SHA512

f2ea627578491705d4e07a52ffaf22d5ac918cc25a21c01172ca64277e1efcc2125a2f5ba98fb0cdf446944b2331c605a26ea436c4435b7fe2faaba6f27f529d
SSDEEP

384:cACr7s98J97l2SDWx6xP0J0M+HiYh1OjT6qdcaCQcEh0c3Ni5dYfjgf3j8Bzd5Qn:EnsGL7gSDWMRGYX1zrsnQi+ws

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  6fb79ba3947c66a22fe871aa78ddee3d_JaffaCakes118
- Size
  
  36KB
- MD5
  
  6fb79ba3947c66a22fe871aa78ddee3d
- SHA1
  
  67a1926f167f759084f9f2542f9eaaee42e1887c
- SHA256
  
  eee35028038d859e71c73315248c3d10a31595fcfc4262ac760565f562eb511f
- SHA512
  
  f2ea627578491705d4e07a52ffaf22d5ac918cc25a21c01172ca64277e1efcc2125a2f5ba98fb0cdf446944b2331c605a26ea436c4435b7fe2faaba6f27f529d
- SSDEEP
  
  384:cACr7s98J97l2SDWx6xP0J0M+HiYh1OjT6qdcaCQcEh0c3Ni5dYfjgf3j8Bzd5Qn:EnsGL7gSDWMRGYX1zrsnQi+ws
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence