9f6b39f4efe0dad7e0e8c89a24962a20e33049843926608f6f93811aa09d897f | Triage

Sharing

General

Target

72b7fd0fd25e1ae573157979d5f5be66_JaffaCakes118
Size

580KB
Sample

240726-fx196sybpl
MD5

72b7fd0fd25e1ae573157979d5f5be66
SHA1

29d506647a742009e5ade9ee45e0fd2110a5c342
SHA256

9f6b39f4efe0dad7e0e8c89a24962a20e33049843926608f6f93811aa09d897f
SHA512

84a7f55ca1053e5a5228a8a11998f17a4b6b98df2ef8bee2144eebdb3c6adb6e2b5e158703ede6b7aaa43d905b7bd18477aa27bb5abfb2a5d105cf28ce222d07
SSDEEP

12288:1ufwPH1rgOEuP5NgRMuvjLaGb+biuNz5PyUZVlat77ojwoVh:1ufwPH1MOEs5NeMKjLHb+uuNzIYly0ws

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  72b7fd0fd25e1ae573157979d5f5be66_JaffaCakes118
- Size
  
  580KB
- MD5
  
  72b7fd0fd25e1ae573157979d5f5be66
- SHA1
  
  29d506647a742009e5ade9ee45e0fd2110a5c342
- SHA256
  
  9f6b39f4efe0dad7e0e8c89a24962a20e33049843926608f6f93811aa09d897f
- SHA512
  
  84a7f55ca1053e5a5228a8a11998f17a4b6b98df2ef8bee2144eebdb3c6adb6e2b5e158703ede6b7aaa43d905b7bd18477aa27bb5abfb2a5d105cf28ce222d07
- SSDEEP
  
  12288:1ufwPH1rgOEuP5NgRMuvjLaGb+biuNz5PyUZVlat77ojwoVh:1ufwPH1MOEs5NeMKjLHb+uuNzIYly0ws
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence