acb82bb982eb01d32479ca6672198b208cdc28cbd6ebcf2e2dc5e853d3c1a31d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73e49d452ec93ede5531408e678830b3_JaffaCakes118
Size

143KB
Sample

240726-nrqkgsyfrg
MD5

73e49d452ec93ede5531408e678830b3
SHA1

d61d1c437cd8ee021579168b5ba25840824a0aec
SHA256

acb82bb982eb01d32479ca6672198b208cdc28cbd6ebcf2e2dc5e853d3c1a31d
SHA512

5ed70f16f36693f17beb2c2613a46621e2212a67f0eef483f90cbf2a9be62f68d05e50f8df776ad5fca3b0478154b3ab3c7b8814900f85fba0b1f664be70cc28
SSDEEP

3072:gmohLFoCW5ekruvgutjT5HKq7p76R8ZoJMNPo/f/TxXrto5:gKWvgutjTFOmKMNPo/Dx

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  73e49d452ec93ede5531408e678830b3_JaffaCakes118
- Size
  
  143KB
- MD5
  
  73e49d452ec93ede5531408e678830b3
- SHA1
  
  d61d1c437cd8ee021579168b5ba25840824a0aec
- SHA256
  
  acb82bb982eb01d32479ca6672198b208cdc28cbd6ebcf2e2dc5e853d3c1a31d
- SHA512
  
  5ed70f16f36693f17beb2c2613a46621e2212a67f0eef483f90cbf2a9be62f68d05e50f8df776ad5fca3b0478154b3ab3c7b8814900f85fba0b1f664be70cc28
- SSDEEP
  
  3072:gmohLFoCW5ekruvgutjT5HKq7p76R8ZoJMNPo/f/TxXrto5:gKWvgutjTFOmKMNPo/Dx
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence