d80459b207a0c50f203ce7bc228ee19c186e10868fc2232d034e982fb9a84fe6 | Triage

Sharing

General

Target

a6430c676166dd4db105f8bb82a55e8d_JaffaCakes118
Size

87KB
Sample

240818-ljlkfszfrr
MD5

a6430c676166dd4db105f8bb82a55e8d
SHA1

c3851a59386b804964c27bfd768afb7f1adee005
SHA256

d80459b207a0c50f203ce7bc228ee19c186e10868fc2232d034e982fb9a84fe6
SHA512

16f26fdc2dca10e0fd163b644a3cc627e7f26ea0e0b1bafc82170319ecaf0d1d9436197469bc866954e53cb514d8c3e851c063c6c0a8396bbaf91ba285d48883
SSDEEP

1536:Ca+4evduxy+gtju8UOfbhaLNR9DVpz7PgEpGlWt/aHH3gadTAu+o:C7duU+gtjuAfbh8tDVKEpGgt/S3dd0Fo

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a6430c676166dd4db105f8bb82a55e8d_JaffaCakes118
- Size
  
  87KB
- MD5
  
  a6430c676166dd4db105f8bb82a55e8d
- SHA1
  
  c3851a59386b804964c27bfd768afb7f1adee005
- SHA256
  
  d80459b207a0c50f203ce7bc228ee19c186e10868fc2232d034e982fb9a84fe6
- SHA512
  
  16f26fdc2dca10e0fd163b644a3cc627e7f26ea0e0b1bafc82170319ecaf0d1d9436197469bc866954e53cb514d8c3e851c063c6c0a8396bbaf91ba285d48883
- SSDEEP
  
  1536:Ca+4evduxy+gtju8UOfbhaLNR9DVpz7PgEpGlWt/aHH3gadTAu+o:C7duU+gtjuAfbh8tDVKEpGgt/S3dd0Fo
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence