d6f7af169a28bebe54ece5df440263796c4fc8d160f3e6dfb0e5d83583f2e3a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af3134cbb2333c7ff2fa6bb43a2a0aa9_JaffaCakes118
Size

1.5MB
Sample

240820-pjc5vsvfrj
MD5

af3134cbb2333c7ff2fa6bb43a2a0aa9
SHA1

916e27e20076bf3c0d001fb7d4aebc371c6385ed
SHA256

d6f7af169a28bebe54ece5df440263796c4fc8d160f3e6dfb0e5d83583f2e3a3
SHA512

234760f1c6a8136815885f1bbb7bda1d91c9e25d8bfc08a6792636440b571e1d36a653388fc98932f7e44640fbd8f45c4c0ed2b717f420f07fc9c15ba4c89b70
SSDEEP

24576:8e4gydqC8y94g/JspklpvThCTWidRpwg110BovwyBvMBuV7V6O7GnpT+5A3sduZQ:8ngoJiXwhQ/pwY0SIg6OE+5cguZQ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  af3134cbb2333c7ff2fa6bb43a2a0aa9_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  af3134cbb2333c7ff2fa6bb43a2a0aa9
- SHA1
  
  916e27e20076bf3c0d001fb7d4aebc371c6385ed
- SHA256
  
  d6f7af169a28bebe54ece5df440263796c4fc8d160f3e6dfb0e5d83583f2e3a3
- SHA512
  
  234760f1c6a8136815885f1bbb7bda1d91c9e25d8bfc08a6792636440b571e1d36a653388fc98932f7e44640fbd8f45c4c0ed2b717f420f07fc9c15ba4c89b70
- SSDEEP
  
  24576:8e4gydqC8y94g/JspklpvThCTWidRpwg110BovwyBvMBuV7V6O7GnpT+5A3sduZQ:8ngoJiXwhQ/pwY0SIg6OE+5cguZQ
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence