74e09a7cc98c2138aa2c158f0877865c2928d5e37322c7444eb65eeb6967dc59 | Triage

Sharing

General

Target

c26413866339f9fa5481ca81d69d2786_JaffaCakes118
Size

47KB
Sample

240826-gfqmsazbnj
MD5

c26413866339f9fa5481ca81d69d2786
SHA1

f626bd14616244e27039b4fce3a37c07595a34e4
SHA256

74e09a7cc98c2138aa2c158f0877865c2928d5e37322c7444eb65eeb6967dc59
SHA512

443e3da037890c11ee8d7d6ac449ac1b9a86e0bc9b54d8b77d00bae39c8c1abc717c0f88389b39d34b26449a1ec6a1dd6e862eb3ee3e3623c335aebd66e88964
SSDEEP

384:dw0cbAUsKi3Bbh5vD91g/6e9JdYiTQH18eAHU6smAAcnZKh4lcW:i0HB3FHvvxe/dYpH187HEZA3y

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c26413866339f9fa5481ca81d69d2786_JaffaCakes118
- Size
  
  47KB
- MD5
  
  c26413866339f9fa5481ca81d69d2786
- SHA1
  
  f626bd14616244e27039b4fce3a37c07595a34e4
- SHA256
  
  74e09a7cc98c2138aa2c158f0877865c2928d5e37322c7444eb65eeb6967dc59
- SHA512
  
  443e3da037890c11ee8d7d6ac449ac1b9a86e0bc9b54d8b77d00bae39c8c1abc717c0f88389b39d34b26449a1ec6a1dd6e862eb3ee3e3623c335aebd66e88964
- SSDEEP
  
  384:dw0cbAUsKi3Bbh5vD91g/6e9JdYiTQH18eAHU6smAAcnZKh4lcW:i0HB3FHvvxe/dYpH187HEZA3y
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence