b1d42db18bfa2eb84594fa97bd329dce2911b3d7d0ca19ed9cd5f030db1ea19d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a297e7fa3dedcea173796148e5e82bfe_JaffaCakes118
Size

52KB
Sample

240817-p2bdzswelc
MD5

a297e7fa3dedcea173796148e5e82bfe
SHA1

e06b7f7d8da5361d011b36da78420cdffedb24cb
SHA256

b1d42db18bfa2eb84594fa97bd329dce2911b3d7d0ca19ed9cd5f030db1ea19d
SHA512

3873443c6b9fb51eea990884453a7e87d5641b43a046900dc722d8ca6698730d10c0c71edcec4f35c7faf834727b4fe3a21adc5229149e192b5d29901a132e37
SSDEEP

768:sp1Pd8NxReBg5v1YoipcUtJY3HoCqkVmLqQX0zt2rWKLjOrChc8:y1FGHHYFp5PbCCLFXqaFHc8

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  a297e7fa3dedcea173796148e5e82bfe_JaffaCakes118
- Size
  
  52KB
- MD5
  
  a297e7fa3dedcea173796148e5e82bfe
- SHA1
  
  e06b7f7d8da5361d011b36da78420cdffedb24cb
- SHA256
  
  b1d42db18bfa2eb84594fa97bd329dce2911b3d7d0ca19ed9cd5f030db1ea19d
- SHA512
  
  3873443c6b9fb51eea990884453a7e87d5641b43a046900dc722d8ca6698730d10c0c71edcec4f35c7faf834727b4fe3a21adc5229149e192b5d29901a132e37
- SSDEEP
  
  768:sp1Pd8NxReBg5v1YoipcUtJY3HoCqkVmLqQX0zt2rWKLjOrChc8:y1FGHHYFp5PbCCLFXqaFHc8
Score

8^/10

discovery persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence