914d91f1a9fef5b0fd9f3620e0e8c9c049af55a7e3a4cf26f350daddae62b419 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dadf7d6c9c4d577f4a87eed53a0105ec_JaffaCakes118
Size

157KB
Sample

240911-v5lxsatarn
MD5

dadf7d6c9c4d577f4a87eed53a0105ec
SHA1

6c7d3b479bc515d93cb0d3aa137762ef0ab186a3
SHA256

914d91f1a9fef5b0fd9f3620e0e8c9c049af55a7e3a4cf26f350daddae62b419
SHA512

5969956ff8956c0b1e95b8f3d36ef858491568cba22d136d3db4a47b1d31c614628dd5e7ad3bc7587c1b4eeb82c24c5dfdc40991181f80d3a76add27f67653fa
SSDEEP

3072:h5HStQcl5cn1cbKWhT/ABoSOyi6wbPNP2KGq1ix5uBqJf0aC:hBSmc0nUNyoYq0qL3aC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  dadf7d6c9c4d577f4a87eed53a0105ec_JaffaCakes118
- Size
  
  157KB
- MD5
  
  dadf7d6c9c4d577f4a87eed53a0105ec
- SHA1
  
  6c7d3b479bc515d93cb0d3aa137762ef0ab186a3
- SHA256
  
  914d91f1a9fef5b0fd9f3620e0e8c9c049af55a7e3a4cf26f350daddae62b419
- SHA512
  
  5969956ff8956c0b1e95b8f3d36ef858491568cba22d136d3db4a47b1d31c614628dd5e7ad3bc7587c1b4eeb82c24c5dfdc40991181f80d3a76add27f67653fa
- SSDEEP
  
  3072:h5HStQcl5cn1cbKWhT/ABoSOyi6wbPNP2KGq1ix5uBqJf0aC:hBSmc0nUNyoYq0qL3aC
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence