9d405015a357955b5f89d6b2fe3adb196d856d267b1b82362e76fb05ecf08644 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b63a1a6b250712a44ab41a1343987958_JaffaCakes118
Size

136KB
Sample

240822-ecnynsxbkb
MD5

b63a1a6b250712a44ab41a1343987958
SHA1

c52a1b4dc799b24b711c4118fd5478bffb168b70
SHA256

9d405015a357955b5f89d6b2fe3adb196d856d267b1b82362e76fb05ecf08644
SHA512

2e49a30ae15e4bb25d1edbf62c81734633f2d497c506ce63882501a19badc26a8a91f5c35960b5b093b19379d88ae8c878fbbc37fee3d9de15b7529627da5740
SSDEEP

3072:+hbTknx18KvysI9mz1KHqZxgwBfrK48JTtJX42mUvs9b:AnQxWKlr1KKZXKHX1mmsh

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  b63a1a6b250712a44ab41a1343987958_JaffaCakes118
- Size
  
  136KB
- MD5
  
  b63a1a6b250712a44ab41a1343987958
- SHA1
  
  c52a1b4dc799b24b711c4118fd5478bffb168b70
- SHA256
  
  9d405015a357955b5f89d6b2fe3adb196d856d267b1b82362e76fb05ecf08644
- SHA512
  
  2e49a30ae15e4bb25d1edbf62c81734633f2d497c506ce63882501a19badc26a8a91f5c35960b5b093b19379d88ae8c878fbbc37fee3d9de15b7529627da5740
- SSDEEP
  
  3072:+hbTknx18KvysI9mz1KHqZxgwBfrK48JTtJX42mUvs9b:AnQxWKlr1KKZXKHX1mmsh
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence