7001535b5f2b0b850bc9ffca376a9ed69b52e98afa052dfe730d26efcdd6f1ec | Triage

Sharing

General

Target

73d45993a6f279e3d13f2e06a5f90437_JaffaCakes118
Size

142KB
Sample

240726-nest3svbkm
MD5

73d45993a6f279e3d13f2e06a5f90437
SHA1

dbc1bfccb5f56e9acaf94d917a180bda53a6985a
SHA256

7001535b5f2b0b850bc9ffca376a9ed69b52e98afa052dfe730d26efcdd6f1ec
SHA512

4e7c05f178c430e6d38d8b32d5d40896d7eb3bd9cb463c23a2fba68e4688a290b599c2fde5778ceffdc951062dfaa5bad3e510fad20bbd992a5839d4faf2b37e
SSDEEP

3072:nix5XnHSNwVR6vW6nNQAUrTrogAaU/eTQyBnykmNsNl0WiuxzO/w5ukxM:niTXuKUn2X5A2tyfDWdpM

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  73d45993a6f279e3d13f2e06a5f90437_JaffaCakes118
- Size
  
  142KB
- MD5
  
  73d45993a6f279e3d13f2e06a5f90437
- SHA1
  
  dbc1bfccb5f56e9acaf94d917a180bda53a6985a
- SHA256
  
  7001535b5f2b0b850bc9ffca376a9ed69b52e98afa052dfe730d26efcdd6f1ec
- SHA512
  
  4e7c05f178c430e6d38d8b32d5d40896d7eb3bd9cb463c23a2fba68e4688a290b599c2fde5778ceffdc951062dfaa5bad3e510fad20bbd992a5839d4faf2b37e
- SSDEEP
  
  3072:nix5XnHSNwVR6vW6nNQAUrTrogAaU/eTQyBnykmNsNl0WiuxzO/w5ukxM:niTXuKUn2X5A2tyfDWdpM
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence