f3603cf72623943a82d830d3e63f9edf0392e062e25a1f65bbcece0739452bcf | Triage

Sharing

General

Target

a3300bd250c3f457c47304d494a7740b_JaffaCakes118
Size

429KB
Sample

240817-tev74atfpe
MD5

a3300bd250c3f457c47304d494a7740b
SHA1

cd4d72ac32eceda4815f730f71fdb418e7fd561e
SHA256

f3603cf72623943a82d830d3e63f9edf0392e062e25a1f65bbcece0739452bcf
SHA512

6e4d20084ea206a89fdea1493f2b4cfa7271ee7220f2d70ba0dd86775d332e51c3878d2c10c4be4c3b95f94029a47fff66eb72a0a02f40398d58188bb1e040b8
SSDEEP

6144:aKELo7qp0yN90QE64Utj67SIQE5aHyD74veL4mKF4XXx46PWtYjUW5b:mLofy908OeIQqaHywvfmK8XjPWtuUg

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a3300bd250c3f457c47304d494a7740b_JaffaCakes118
- Size
  
  429KB
- MD5
  
  a3300bd250c3f457c47304d494a7740b
- SHA1
  
  cd4d72ac32eceda4815f730f71fdb418e7fd561e
- SHA256
  
  f3603cf72623943a82d830d3e63f9edf0392e062e25a1f65bbcece0739452bcf
- SHA512
  
  6e4d20084ea206a89fdea1493f2b4cfa7271ee7220f2d70ba0dd86775d332e51c3878d2c10c4be4c3b95f94029a47fff66eb72a0a02f40398d58188bb1e040b8
- SSDEEP
  
  6144:aKELo7qp0yN90QE64Utj67SIQE5aHyD74veL4mKF4XXx46PWtYjUW5b:mLofy908OeIQqaHywvfmK8XjPWtuUg
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence