23f3dc11ad366092c508403510cd876a843f22b48dab0639d753390ac0357dd8 | Triage

Sharing

General

Target

789548792dcde7e17feaa1266864f396_JaffaCakes118
Size

135KB
Sample

240727-sg5nwavemq
MD5

789548792dcde7e17feaa1266864f396
SHA1

52630b29a641af0bf32e660d08f3dc52cc86aeda
SHA256

23f3dc11ad366092c508403510cd876a843f22b48dab0639d753390ac0357dd8
SHA512

fcaa0648fa5a8b536c745e295ae1ec4eadfa074ebbe13cdcb6213906d5e94c7a75d75b9648e6491d55f025db13c0b7287ba299a0fb5747820d78c12d17d115ae
SSDEEP

3072:9CLiv/7BYSJjkHdcudeGaSNifsmW5Pnp/65IPE7QpUhy/al6BuxEk7mU95ukj:4LibB3UMSvpUIPHpOy/06Er

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  789548792dcde7e17feaa1266864f396_JaffaCakes118
- Size
  
  135KB
- MD5
  
  789548792dcde7e17feaa1266864f396
- SHA1
  
  52630b29a641af0bf32e660d08f3dc52cc86aeda
- SHA256
  
  23f3dc11ad366092c508403510cd876a843f22b48dab0639d753390ac0357dd8
- SHA512
  
  fcaa0648fa5a8b536c745e295ae1ec4eadfa074ebbe13cdcb6213906d5e94c7a75d75b9648e6491d55f025db13c0b7287ba299a0fb5747820d78c12d17d115ae
- SSDEEP
  
  3072:9CLiv/7BYSJjkHdcudeGaSNifsmW5Pnp/65IPE7QpUhy/al6BuxEk7mU95ukj:4LibB3UMSvpUIPHpOy/06Er
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence