8cad9d35457c9ff41454af6394060cd7ad54547fd4947c2790510e91d5dcc289 | Triage

Sharing

General

Target

02193c00ce9f870f876e92e0466c8a5a_JaffaCakes118
Size

4.2MB
Sample

240727-24vlvswhrf
MD5

02193c00ce9f870f876e92e0466c8a5a
SHA1

5a5b09b631dd1bbf8938f6ca14a30d2d589af73c
SHA256

8cad9d35457c9ff41454af6394060cd7ad54547fd4947c2790510e91d5dcc289
SHA512

8b88fa65674a511c2678e213b8fca1870fe06990d9b66216ce4382d422ce6c15a9f9a28f981d22f00b7c39bad30424bf1097ddaeb542569b0bb81b7de6669b09
SSDEEP

98304:fL5odbDHjg6FVI5ERcLoXq9CAFuXDl45u5Ew7AWT52oV2t:fLMvDgL5Ej7AFuXDZXLpO

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  02193c00ce9f870f876e92e0466c8a5a_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  02193c00ce9f870f876e92e0466c8a5a
- SHA1
  
  5a5b09b631dd1bbf8938f6ca14a30d2d589af73c
- SHA256
  
  8cad9d35457c9ff41454af6394060cd7ad54547fd4947c2790510e91d5dcc289
- SHA512
  
  8b88fa65674a511c2678e213b8fca1870fe06990d9b66216ce4382d422ce6c15a9f9a28f981d22f00b7c39bad30424bf1097ddaeb542569b0bb81b7de6669b09
- SSDEEP
  
  98304:fL5odbDHjg6FVI5ERcLoXq9CAFuXDl45u5Ew7AWT52oV2t:fLMvDgL5Ej7AFuXDZXLpO
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2