0ec20e64500f44e2e6522780231260a0f23f39ef575e5d76279029b539d49a5d | Triage

Sharing

General

Target

cfe24cb8838f20a224f66b81d359aa8e_JaffaCakes118
Size

323KB
Sample

240906-s63ktavenh
MD5

cfe24cb8838f20a224f66b81d359aa8e
SHA1

053ee9b49573c3141d322ddf848fa204b0ba2c98
SHA256

0ec20e64500f44e2e6522780231260a0f23f39ef575e5d76279029b539d49a5d
SHA512

a35f395d1e30e3833d5134722745e352ccd477bed63f00b1ec427a150231f5f88470ea80c7fcd3ec783a0b40e9d9b951f0a17bc919ad8942e0634fe879aa755d
SSDEEP

6144:jB0DFutpHEBEbBiE5tfFwQVXS948MjuNU7MqKep8cR0GHK2Xny/7Dqdf/aS:jB0DFqF7BiCttwaa48MjuNKMM30R2ioz

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  cfe24cb8838f20a224f66b81d359aa8e_JaffaCakes118
- Size
  
  323KB
- MD5
  
  cfe24cb8838f20a224f66b81d359aa8e
- SHA1
  
  053ee9b49573c3141d322ddf848fa204b0ba2c98
- SHA256
  
  0ec20e64500f44e2e6522780231260a0f23f39ef575e5d76279029b539d49a5d
- SHA512
  
  a35f395d1e30e3833d5134722745e352ccd477bed63f00b1ec427a150231f5f88470ea80c7fcd3ec783a0b40e9d9b951f0a17bc919ad8942e0634fe879aa755d
- SSDEEP
  
  6144:jB0DFutpHEBEbBiE5tfFwQVXS948MjuNU7MqKep8cR0GHK2Xny/7Dqdf/aS:jB0DFqF7BiCttwaa48MjuNKMM30R2ioz
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence