c2348846b38573ae1e926cc67e561d0ee3600696b5eb16c8cca5edf0e81c43ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab2546f949ead0848d5e8f086a1f5fd6_JaffaCakes118
Size

31KB
Sample

240819-qddpwavhqh
MD5

ab2546f949ead0848d5e8f086a1f5fd6
SHA1

cba8058ea7310016e68dec02b2bb17a288590a23
SHA256

c2348846b38573ae1e926cc67e561d0ee3600696b5eb16c8cca5edf0e81c43ac
SHA512

324aeb66a81fc1b992b7f63683244d99ef2f3fc968a34c2bc348aafee22eda8416845fa0a54951ad0cc38c3a716a65d74dca19b973e226c951cf10a3274874c7
SSDEEP

768:FdNnMLkH+xuRoXK64fKjuY/HbPoVk5PRxSlzlY:FXMLvuKXK6yKjP/7gkai

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ab2546f949ead0848d5e8f086a1f5fd6_JaffaCakes118
- Size
  
  31KB
- MD5
  
  ab2546f949ead0848d5e8f086a1f5fd6
- SHA1
  
  cba8058ea7310016e68dec02b2bb17a288590a23
- SHA256
  
  c2348846b38573ae1e926cc67e561d0ee3600696b5eb16c8cca5edf0e81c43ac
- SHA512
  
  324aeb66a81fc1b992b7f63683244d99ef2f3fc968a34c2bc348aafee22eda8416845fa0a54951ad0cc38c3a716a65d74dca19b973e226c951cf10a3274874c7
- SSDEEP
  
  768:FdNnMLkH+xuRoXK64fKjuY/HbPoVk5PRxSlzlY:FXMLvuKXK6yKjP/7gkai
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence