bab14ed2978adf9de1480b3502eec4bb8f1df683138e559b06365913a6f5f43c | Triage

Sharing

General

Target

c79cfee23ce57b9da9f669f27a8c45b7_JaffaCakes118
Size

31KB
Sample

240828-zg9q6avemc
MD5

c79cfee23ce57b9da9f669f27a8c45b7
SHA1

dac8668c2817ae50855453c2f1d69eecc00da999
SHA256

bab14ed2978adf9de1480b3502eec4bb8f1df683138e559b06365913a6f5f43c
SHA512

1c38c8b2bd5c32da643fd037b132737fbf5f8aaeaf960ac76fc520f25a2dd0b52665e976a6b9fab7bb8eaa990e43c577a0f84322df331b25f2bc9c4c02713714
SSDEEP

768:lSAQLX2Uwv7WVDySniNcbWGhWY9tofdZmWFvAPHQP:lrU0v7BMN9t6FQHQP

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  c79cfee23ce57b9da9f669f27a8c45b7_JaffaCakes118
- Size
  
  31KB
- MD5
  
  c79cfee23ce57b9da9f669f27a8c45b7
- SHA1
  
  dac8668c2817ae50855453c2f1d69eecc00da999
- SHA256
  
  bab14ed2978adf9de1480b3502eec4bb8f1df683138e559b06365913a6f5f43c
- SHA512
  
  1c38c8b2bd5c32da643fd037b132737fbf5f8aaeaf960ac76fc520f25a2dd0b52665e976a6b9fab7bb8eaa990e43c577a0f84322df331b25f2bc9c4c02713714
- SSDEEP
  
  768:lSAQLX2Uwv7WVDySniNcbWGhWY9tofdZmWFvAPHQP:lrU0v7BMN9t6FQHQP
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence