779b572e0fbed135dd5c745bb28eb5289313bc1741b9e880ccbcbf06f07e32ba | Triage

Sharing

General

Target

bfdd3ce3c65defe2f1e56f754ed14580_JaffaCakes118
Size

214KB
Sample

240825-bzmgkssgmj
MD5

bfdd3ce3c65defe2f1e56f754ed14580
SHA1

7beebdf4b398948ffcc792ff7d7da6ce90c0b438
SHA256

779b572e0fbed135dd5c745bb28eb5289313bc1741b9e880ccbcbf06f07e32ba
SHA512

4bee790cee7bdc134ae859a62ab63de6067e1f2d96388400f4069ce834e5bb4132c4a9ad69ec924af137a73378e978170627ec8377ea55f4d9b034534e2e61b3
SSDEEP

3072:PWf6XsOYCyIVt4dkDmL25pm+E84dfl8GoaxdBNiQhxf4pwlaqUtZEma+h8ybAh:PWC8O9F4dn25bElfl88XP4qvh+h8yQ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  bfdd3ce3c65defe2f1e56f754ed14580_JaffaCakes118
- Size
  
  214KB
- MD5
  
  bfdd3ce3c65defe2f1e56f754ed14580
- SHA1
  
  7beebdf4b398948ffcc792ff7d7da6ce90c0b438
- SHA256
  
  779b572e0fbed135dd5c745bb28eb5289313bc1741b9e880ccbcbf06f07e32ba
- SHA512
  
  4bee790cee7bdc134ae859a62ab63de6067e1f2d96388400f4069ce834e5bb4132c4a9ad69ec924af137a73378e978170627ec8377ea55f4d9b034534e2e61b3
- SSDEEP
  
  3072:PWf6XsOYCyIVt4dkDmL25pm+E84dfl8GoaxdBNiQhxf4pwlaqUtZEma+h8ybAh:PWC8O9F4dn25bElfl88XP4qvh+h8yQ
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence