d05da286b9fd509181716d09c57b3a3589cd603a6a5f2b5f0ec672d28efbd6e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8ef9bed4e1bcefb79ff5284e858c231_JaffaCakes118
Size

163KB
Sample

240819-bbganavepb
MD5

a8ef9bed4e1bcefb79ff5284e858c231
SHA1

31fc96b59e1f2987b606a37e9f7164c350fb5825
SHA256

d05da286b9fd509181716d09c57b3a3589cd603a6a5f2b5f0ec672d28efbd6e0
SHA512

29b64978ce3a8deb8d4f546e0ed960bd586f87c456605c02dc790c1d2970ebafdfcfcebfb5c266fc920678e8cab055bb7d9548773538e4b9d62a6462db2b01a0
SSDEEP

3072:w8rxbE+oIbPlYHSRxWixWyClxt766fsQq16pitP2fKxXNkFSw/6ACUUKuBsIQJxA:wSjWiUyCpXsQy6pW2fGNgz/6UzuWI2A

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a8ef9bed4e1bcefb79ff5284e858c231_JaffaCakes118
- Size
  
  163KB
- MD5
  
  a8ef9bed4e1bcefb79ff5284e858c231
- SHA1
  
  31fc96b59e1f2987b606a37e9f7164c350fb5825
- SHA256
  
  d05da286b9fd509181716d09c57b3a3589cd603a6a5f2b5f0ec672d28efbd6e0
- SHA512
  
  29b64978ce3a8deb8d4f546e0ed960bd586f87c456605c02dc790c1d2970ebafdfcfcebfb5c266fc920678e8cab055bb7d9548773538e4b9d62a6462db2b01a0
- SSDEEP
  
  3072:w8rxbE+oIbPlYHSRxWixWyClxt766fsQq16pitP2fKxXNkFSw/6ACUUKuBsIQJxA:wSjWiUyCpXsQy6pW2fGNgz/6UzuWI2A
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence