fb94c21f3464168fd92c8e31a49d6acbdb183f5f1c8512eaf074315836f21c48 | Triage

Sharing

General

Target

bf4e5ff4a16a94aac54b7eb426f4a0d6_JaffaCakes118
Size

690KB
Sample

240824-yrn2rsycmq
MD5

bf4e5ff4a16a94aac54b7eb426f4a0d6
SHA1

b19caf1ca0922596b39a4a7f083a7cae5d450f1c
SHA256

fb94c21f3464168fd92c8e31a49d6acbdb183f5f1c8512eaf074315836f21c48
SHA512

1c40dbb72f99ee4b97ba9bd6c3586e4cf91deb75b42c1f852478a309f2e527ca522cf5acca08e84aa1871ce3ee60b793d1a43abb6d3a76c47f35439c1fefa0d6
SSDEEP

12288:/GcoX9nw5KwZgSCP70sZvqmBG0qLAWmhuKf3Smw+VInXDcTTYLG:RaVw5S34x6GaHuKf3l5V6cTTYS

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  bf4e5ff4a16a94aac54b7eb426f4a0d6_JaffaCakes118
- Size
  
  690KB
- MD5
  
  bf4e5ff4a16a94aac54b7eb426f4a0d6
- SHA1
  
  b19caf1ca0922596b39a4a7f083a7cae5d450f1c
- SHA256
  
  fb94c21f3464168fd92c8e31a49d6acbdb183f5f1c8512eaf074315836f21c48
- SHA512
  
  1c40dbb72f99ee4b97ba9bd6c3586e4cf91deb75b42c1f852478a309f2e527ca522cf5acca08e84aa1871ce3ee60b793d1a43abb6d3a76c47f35439c1fefa0d6
- SSDEEP
  
  12288:/GcoX9nw5KwZgSCP70sZvqmBG0qLAWmhuKf3Smw+VInXDcTTYLG:RaVw5S34x6GaHuKf3l5V6cTTYS
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2