821303f7b58dc753c603f72631b9900103b5bb549f362c9cdb0dbeea0fa77f83 | Triage

Sharing

General

Target

860032b2fc215e7a236cc9d8d9ca18ef_JaffaCakes118
Size

40KB
Sample

240810-pcc7aasgrf
MD5

860032b2fc215e7a236cc9d8d9ca18ef
SHA1

2ee07b79a21ddb5477aefbe8278c2768b915f585
SHA256

821303f7b58dc753c603f72631b9900103b5bb549f362c9cdb0dbeea0fa77f83
SHA512

f25a1879e748b5dfd720bfaceb8a15af3d81e519d81a0ec48c5786936aa0e9613413a8ab909e2c73ef6c55327df9015c087809fd37ae75d378f63ad357dcfaa3
SSDEEP

384:BQot15+qFW2JIdEsCk566MwqhZFy1SeKxdRlKDfnKDzL50:aotjTFWcFqY6MeSeCRSy+

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  860032b2fc215e7a236cc9d8d9ca18ef_JaffaCakes118
- Size
  
  40KB
- MD5
  
  860032b2fc215e7a236cc9d8d9ca18ef
- SHA1
  
  2ee07b79a21ddb5477aefbe8278c2768b915f585
- SHA256
  
  821303f7b58dc753c603f72631b9900103b5bb549f362c9cdb0dbeea0fa77f83
- SHA512
  
  f25a1879e748b5dfd720bfaceb8a15af3d81e519d81a0ec48c5786936aa0e9613413a8ab909e2c73ef6c55327df9015c087809fd37ae75d378f63ad357dcfaa3
- SSDEEP
  
  384:BQot15+qFW2JIdEsCk566MwqhZFy1SeKxdRlKDfnKDzL50:aotjTFWcFqY6MeSeCRSy+
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence