8ef358e73963f4a47b486267d86da8b8b0c5c941b062acb3f27c9b35dcdcaf23 | Triage

Sharing

General

Target

964e75e289e4fa0c9dad291d6beb5949_JaffaCakes118
Size

72KB
Sample

240814-qv3ekavdrb
MD5

964e75e289e4fa0c9dad291d6beb5949
SHA1

7c96ecf71e2907981e5dd227cd609604e922e38a
SHA256

8ef358e73963f4a47b486267d86da8b8b0c5c941b062acb3f27c9b35dcdcaf23
SHA512

54245adae49ff50f70598279aebff3b7fb9b18156caab00395926ad6f4c6432db6b4a91255b23cec848bb31ca04c426b9b092e3ea02e722c6477d66cfab35939
SSDEEP

1536:+Bej95nI6HSpc+UIqnEixqOLaJ5bODnPk3t:TLnI6RoqnxqRjUnPKt

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  964e75e289e4fa0c9dad291d6beb5949_JaffaCakes118
- Size
  
  72KB
- MD5
  
  964e75e289e4fa0c9dad291d6beb5949
- SHA1
  
  7c96ecf71e2907981e5dd227cd609604e922e38a
- SHA256
  
  8ef358e73963f4a47b486267d86da8b8b0c5c941b062acb3f27c9b35dcdcaf23
- SHA512
  
  54245adae49ff50f70598279aebff3b7fb9b18156caab00395926ad6f4c6432db6b4a91255b23cec848bb31ca04c426b9b092e3ea02e722c6477d66cfab35939
- SSDEEP
  
  1536:+Bej95nI6HSpc+UIqnEixqOLaJ5bODnPk3t:TLnI6RoqnxqRjUnPKt
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence