dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde | Triage

Sharing

General

Target

da665f559abd4989a80995dd6dda129a_JaffaCakes118
Size

71KB
Sample

240911-p85leasbke
MD5

da665f559abd4989a80995dd6dda129a
SHA1

4b19ea54e57b8902585624d137c10273a339cdec
SHA256

dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde
SHA512

2cf3d6f31bd52f1f3dec4c84cee64497839fca8ec4b21f8bdd5419ed355edd70402f054a6ba361110c249a11284fc6f2ffa4103ed3dd93bada24b00b025a5994
SSDEEP

1536:WBej95nI6HSpc+UIqnEixqOLaJ5bODOHC:7LnI6RoqnxqRjUOHC

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  da665f559abd4989a80995dd6dda129a_JaffaCakes118
- Size
  
  71KB
- MD5
  
  da665f559abd4989a80995dd6dda129a
- SHA1
  
  4b19ea54e57b8902585624d137c10273a339cdec
- SHA256
  
  dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde
- SHA512
  
  2cf3d6f31bd52f1f3dec4c84cee64497839fca8ec4b21f8bdd5419ed355edd70402f054a6ba361110c249a11284fc6f2ffa4103ed3dd93bada24b00b025a5994
- SSDEEP
  
  1536:WBej95nI6HSpc+UIqnEixqOLaJ5bODOHC:7LnI6RoqnxqRjUOHC
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence