08a7069872032849f0bbc3842e782a4567c8f7869e3634bd5ca25f43e1cadca8 | Triage

Sharing

General

Target

a53585f1bfb72d3f0e6b40155abc72ec_JaffaCakes118
Size

460KB
Sample

240818-dz5dhawbkq
MD5

a53585f1bfb72d3f0e6b40155abc72ec
SHA1

08ec519558bb13aaae174dcc311d9d3bedfab483
SHA256

08a7069872032849f0bbc3842e782a4567c8f7869e3634bd5ca25f43e1cadca8
SHA512

c6fe302592d6b780c42c83ede3175cf8edc35fdf8db8ae8478c1d2610e9c89b0905b5e6476647bd4b096655f5e8cb1db09feb036602f06ecc11bd0eb54dc23cf
SSDEEP

12288:5hYwRYTHQACYk7ce+n7pQR9dtSamzHT7q6U:nn3ACZf+n7qzSamzHy6U

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a53585f1bfb72d3f0e6b40155abc72ec_JaffaCakes118
- Size
  
  460KB
- MD5
  
  a53585f1bfb72d3f0e6b40155abc72ec
- SHA1
  
  08ec519558bb13aaae174dcc311d9d3bedfab483
- SHA256
  
  08a7069872032849f0bbc3842e782a4567c8f7869e3634bd5ca25f43e1cadca8
- SHA512
  
  c6fe302592d6b780c42c83ede3175cf8edc35fdf8db8ae8478c1d2610e9c89b0905b5e6476647bd4b096655f5e8cb1db09feb036602f06ecc11bd0eb54dc23cf
- SSDEEP
  
  12288:5hYwRYTHQACYk7ce+n7pQR9dtSamzHT7q6U:nn3ACZf+n7qzSamzHy6U
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence