558805791cafc0c1a6c3fe36abba203bafc04772a9974fb0d17de1e04d4060c9 | Triage

Sharing

General

Target

a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118
Size

243KB
Sample

240818-c2xk1a1amb
MD5

a50e56d1ff7b41a7a9fd1102ac83e666
SHA1

3dc939fe11eb303ffe00f4432649ed7cd6b6fadc
SHA256

558805791cafc0c1a6c3fe36abba203bafc04772a9974fb0d17de1e04d4060c9
SHA512

3ca99254f01814eeee9e3f7dba899a00749ad66fdf438be7ee9d9d1112062fbe06f038accdf0b23d30e44a586f2291d6a6ee972dc94af1174a88a67e7a342967
SSDEEP

6144:+qTOc8IKTiQPywsKtNBbqUBExSFYEeBs5qZRWsul:+qTOnWMjBNBcSFfeBYaRWs

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118
- Size
  
  243KB
- MD5
  
  a50e56d1ff7b41a7a9fd1102ac83e666
- SHA1
  
  3dc939fe11eb303ffe00f4432649ed7cd6b6fadc
- SHA256
  
  558805791cafc0c1a6c3fe36abba203bafc04772a9974fb0d17de1e04d4060c9
- SHA512
  
  3ca99254f01814eeee9e3f7dba899a00749ad66fdf438be7ee9d9d1112062fbe06f038accdf0b23d30e44a586f2291d6a6ee972dc94af1174a88a67e7a342967
- SSDEEP
  
  6144:+qTOc8IKTiQPywsKtNBbqUBExSFYEeBs5qZRWsul:+qTOnWMjBNBcSFfeBYaRWs
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence