f597dd24cd23bb7d4841a176aaa2f5c327c5610ea24d75ea4ef16f3c4e857d8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71439f0c4f74fcb660d736d867f396fe_JaffaCakes118
Size

226KB
Sample

240725-z3xzgsyaqf
MD5

71439f0c4f74fcb660d736d867f396fe
SHA1

6c1cf612786f4af2f7a2e2fb4996affe5f867f5a
SHA256

f597dd24cd23bb7d4841a176aaa2f5c327c5610ea24d75ea4ef16f3c4e857d8d
SHA512

2048672b22ec3eee7be61a63ad3706ed27e4fe42998c6142470a594190e6c6f37f6182c73fff82851ce06db0585bd364e15c8c0b44152d366bad8a7c18a08ef3
SSDEEP

6144:q5x0DGAlyjzl86dOaadkICV1XZ4Bv54pUr8K:U2DGIA3saFp4BKKr

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  71439f0c4f74fcb660d736d867f396fe_JaffaCakes118
- Size
  
  226KB
- MD5
  
  71439f0c4f74fcb660d736d867f396fe
- SHA1
  
  6c1cf612786f4af2f7a2e2fb4996affe5f867f5a
- SHA256
  
  f597dd24cd23bb7d4841a176aaa2f5c327c5610ea24d75ea4ef16f3c4e857d8d
- SHA512
  
  2048672b22ec3eee7be61a63ad3706ed27e4fe42998c6142470a594190e6c6f37f6182c73fff82851ce06db0585bd364e15c8c0b44152d366bad8a7c18a08ef3
- SSDEEP
  
  6144:q5x0DGAlyjzl86dOaadkICV1XZ4Bv54pUr8K:U2DGIA3saFp4BKKr
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence