36f8373ab79649fc9d654e521207a818645a0915a0069ce439db887ff5f72a23 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0a0e4055b360b1fef3d15e9541d76aa_JaffaCakes118
Size

381KB
Sample

240825-ne4lkstbrq
MD5

c0a0e4055b360b1fef3d15e9541d76aa
SHA1

d5964f5b475c0e88e97d8a6f76cc6aeb884eafa0
SHA256

36f8373ab79649fc9d654e521207a818645a0915a0069ce439db887ff5f72a23
SHA512

b925a3246298b3b0c64f0f11afbeec7f2ba9955c7929f1e1e72884d2bb0ea2f021b7f7764efa35a899ee1d71f2d0b6caaf5b0e8fe9658a310e3436881735ec18
SSDEEP

6144:Ia3f8Yb0u86b+3ieT1cACTfgjdlAhDU6ktvXvxNHKSR4R/VSAGf9gCPV6H0:Iav8hDf1kfgjdlA9YXJNHKSYmg6U0

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c0a0e4055b360b1fef3d15e9541d76aa_JaffaCakes118
- Size
  
  381KB
- MD5
  
  c0a0e4055b360b1fef3d15e9541d76aa
- SHA1
  
  d5964f5b475c0e88e97d8a6f76cc6aeb884eafa0
- SHA256
  
  36f8373ab79649fc9d654e521207a818645a0915a0069ce439db887ff5f72a23
- SHA512
  
  b925a3246298b3b0c64f0f11afbeec7f2ba9955c7929f1e1e72884d2bb0ea2f021b7f7764efa35a899ee1d71f2d0b6caaf5b0e8fe9658a310e3436881735ec18
- SSDEEP
  
  6144:Ia3f8Yb0u86b+3ieT1cACTfgjdlAhDU6ktvXvxNHKSR4R/VSAGf9gCPV6H0:Iav8hDf1kfgjdlA9YXJNHKSYmg6U0
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence