1218ac83fb1bb4c49de83dbeda959adde2e5608bfbbc97702b69a29d6d123537 | Triage

Sharing

General

Target

b1f7864d12ccf6cf4aa393cc6a9cbe52_JaffaCakes118
Size

327KB
Sample

240821-d7bfdsyare
MD5

b1f7864d12ccf6cf4aa393cc6a9cbe52
SHA1

3d6f59f1a074b32eb190e9f345986b683771e50d
SHA256

1218ac83fb1bb4c49de83dbeda959adde2e5608bfbbc97702b69a29d6d123537
SHA512

84b07b6445114ef9bbe2393b3ea75b73d45ffa3491e8790640929a6809773e4791bb2953150f083ff78c86fa78d318db6b8d07e7804ebc9f16fe96d0852ef4e3
SSDEEP

6144:YVc/0BjPcb6GZ+Iu710mhvrfkQQ4hMen8XasR+Mnu2j7:QBa+IZMUTen8XaOpu2n

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b1f7864d12ccf6cf4aa393cc6a9cbe52_JaffaCakes118
- Size
  
  327KB
- MD5
  
  b1f7864d12ccf6cf4aa393cc6a9cbe52
- SHA1
  
  3d6f59f1a074b32eb190e9f345986b683771e50d
- SHA256
  
  1218ac83fb1bb4c49de83dbeda959adde2e5608bfbbc97702b69a29d6d123537
- SHA512
  
  84b07b6445114ef9bbe2393b3ea75b73d45ffa3491e8790640929a6809773e4791bb2953150f083ff78c86fa78d318db6b8d07e7804ebc9f16fe96d0852ef4e3
- SSDEEP
  
  6144:YVc/0BjPcb6GZ+Iu710mhvrfkQQ4hMen8XasR+Mnu2j7:QBa+IZMUTen8XaOpu2n
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence