354b6be54584bdbd44f2540f133e08981b7db9270b746788b9ff02ce7543e1bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9e27da50b0da34ac10fd9ba93b09186_JaffaCakes118
Size

128KB
Sample

240911-jelcsaygmn
MD5

d9e27da50b0da34ac10fd9ba93b09186
SHA1

38a2383d2cd3726b54458b0a825d7bd56a79676e
SHA256

354b6be54584bdbd44f2540f133e08981b7db9270b746788b9ff02ce7543e1bc
SHA512

a82790d19da9f69cef119d7bbebdb8fe0a85cb164141dc4f25139eb3e72816d145d11e4cc9499a5f86a343f2a087c8f5e723269377bf08be12a4770a103c91e4
SSDEEP

1536:MV8EdTxdpbB2TFu8kOU+Jth4iSaRABKkLl9J3UlTf3WfbZzaz7GblDm9:SpdTlbB2giJthl6B1Z95UtWd07GblDm

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  d9e27da50b0da34ac10fd9ba93b09186_JaffaCakes118
- Size
  
  128KB
- MD5
  
  d9e27da50b0da34ac10fd9ba93b09186
- SHA1
  
  38a2383d2cd3726b54458b0a825d7bd56a79676e
- SHA256
  
  354b6be54584bdbd44f2540f133e08981b7db9270b746788b9ff02ce7543e1bc
- SHA512
  
  a82790d19da9f69cef119d7bbebdb8fe0a85cb164141dc4f25139eb3e72816d145d11e4cc9499a5f86a343f2a087c8f5e723269377bf08be12a4770a103c91e4
- SSDEEP
  
  1536:MV8EdTxdpbB2TFu8kOU+Jth4iSaRABKkLl9J3UlTf3WfbZzaz7GblDm9:SpdTlbB2giJthl6B1Z95UtWd07GblDm
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence