341e2c7a124853b1ef9d3b3f005512ac2fd735e73ef98013ab95c6345fc96821 | Triage

Sharing

General

Target

cedcc9ca3e29a3eb5bce0f48b3f1adcf_JaffaCakes118
Size

146KB
Sample

240906-g1kbha1cjh
MD5

cedcc9ca3e29a3eb5bce0f48b3f1adcf
SHA1

155461b5c31e69cab861aa95ec1aefc6d3a63714
SHA256

341e2c7a124853b1ef9d3b3f005512ac2fd735e73ef98013ab95c6345fc96821
SHA512

6ded7e8a051e67a78f9642f8beb12556bb4d0c4204c90fa786e05f381831fba1375e969ff38b62b1ecff3e0988534069cb0fdde0bd02511e9c09fdeb8caa0089
SSDEEP

3072:8YA8iTvJk6o/KNSVP6mj8BhaSzppyURXHFMWc0:K8iTvm6UKNyuhJnVz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  cedcc9ca3e29a3eb5bce0f48b3f1adcf_JaffaCakes118
- Size
  
  146KB
- MD5
  
  cedcc9ca3e29a3eb5bce0f48b3f1adcf
- SHA1
  
  155461b5c31e69cab861aa95ec1aefc6d3a63714
- SHA256
  
  341e2c7a124853b1ef9d3b3f005512ac2fd735e73ef98013ab95c6345fc96821
- SHA512
  
  6ded7e8a051e67a78f9642f8beb12556bb4d0c4204c90fa786e05f381831fba1375e969ff38b62b1ecff3e0988534069cb0fdde0bd02511e9c09fdeb8caa0089
- SSDEEP
  
  3072:8YA8iTvJk6o/KNSVP6mj8BhaSzppyURXHFMWc0:K8iTvm6UKNyuhJnVz
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2