c18c252b3c26cdcfed199b033e168bf9b46acf960e0611d73fc41b291a8f5146 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad7fe9a2bb7e9d97a973fc81d6c56633_JaffaCakes118
Size

183KB
Sample

240820-cl33vayeje
MD5

ad7fe9a2bb7e9d97a973fc81d6c56633
SHA1

1e96fb3b62f8473ea1d653ea142d6d2dcbd0ee7d
SHA256

c18c252b3c26cdcfed199b033e168bf9b46acf960e0611d73fc41b291a8f5146
SHA512

0ca9277ad88d38c0dee03dd6d879045f1ff712f0028277cfbfb6d641fc52ee8aaf3893f2af606b2fb176b3414b81af8159895b1d16ee8d8ade8b27793bb192ad
SSDEEP

3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8OpsI:o68i3odBiTl2+TCU/bI

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ad7fe9a2bb7e9d97a973fc81d6c56633_JaffaCakes118
- Size
  
  183KB
- MD5
  
  ad7fe9a2bb7e9d97a973fc81d6c56633
- SHA1
  
  1e96fb3b62f8473ea1d653ea142d6d2dcbd0ee7d
- SHA256
  
  c18c252b3c26cdcfed199b033e168bf9b46acf960e0611d73fc41b291a8f5146
- SHA512
  
  0ca9277ad88d38c0dee03dd6d879045f1ff712f0028277cfbfb6d641fc52ee8aaf3893f2af606b2fb176b3414b81af8159895b1d16ee8d8ade8b27793bb192ad
- SSDEEP
  
  3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8OpsI:o68i3odBiTl2+TCU/bI
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence