f5f58db94aad814587c5749e4c69b51838db792c85bdff7645bf3d6ccc314b0b | Triage

Sharing

General

Target

c24f72672f344a8a66bddf2aae990d8c_JaffaCakes118
Size

959KB
Sample

240826-fech4axcrm
MD5

c24f72672f344a8a66bddf2aae990d8c
SHA1

bbaeba905222ed93690bb96a4ce7ad4624b6bb9f
SHA256

f5f58db94aad814587c5749e4c69b51838db792c85bdff7645bf3d6ccc314b0b
SHA512

914a8104c57c53e9df71ec4d93802cd964c7311d7dc80d7bcbc615c659bacfc8c7b6fdf9db67c76521ef921ef96c8fe78dce99c2d923545880a9af543f9a9726
SSDEEP

24576:+NOA02F4zM0pu6cb2GZ2/nWaIK2x45jszXtH7Vv:+8MkcfRaIYa7tbVv

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c24f72672f344a8a66bddf2aae990d8c_JaffaCakes118
- Size
  
  959KB
- MD5
  
  c24f72672f344a8a66bddf2aae990d8c
- SHA1
  
  bbaeba905222ed93690bb96a4ce7ad4624b6bb9f
- SHA256
  
  f5f58db94aad814587c5749e4c69b51838db792c85bdff7645bf3d6ccc314b0b
- SHA512
  
  914a8104c57c53e9df71ec4d93802cd964c7311d7dc80d7bcbc615c659bacfc8c7b6fdf9db67c76521ef921ef96c8fe78dce99c2d923545880a9af543f9a9726
- SSDEEP
  
  24576:+NOA02F4zM0pu6cb2GZ2/nWaIK2x45jszXtH7Vv:+8MkcfRaIYa7tbVv
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence