6d6f85116a069457cb63241a70b8330e2585d6d0b6d59dfd25ccae562c9105ae | Triage

Sharing

General

Target

dcd63f6b7cf6e396b3e5579097c62702_JaffaCakes118
Size

918KB
Sample

240912-xej2lsyclq
MD5

dcd63f6b7cf6e396b3e5579097c62702
SHA1

2be5160becfb913db5edb3406bd38d635bf295da
SHA256

6d6f85116a069457cb63241a70b8330e2585d6d0b6d59dfd25ccae562c9105ae
SHA512

24cf2c6552f4a20512b0cba45880493f1e24cce1f1dbc5f29787e2174d90cdb523804d50e98a3595720efb1c1d8fc15538414c671b710e273811c4d0ccf8dc24
SSDEEP

24576:OxqT31T6WE6I5jKqosOm+bBNghrofkG0V:Z6WE6IN95+bBNgikG0V

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  dcd63f6b7cf6e396b3e5579097c62702_JaffaCakes118
- Size
  
  918KB
- MD5
  
  dcd63f6b7cf6e396b3e5579097c62702
- SHA1
  
  2be5160becfb913db5edb3406bd38d635bf295da
- SHA256
  
  6d6f85116a069457cb63241a70b8330e2585d6d0b6d59dfd25ccae562c9105ae
- SHA512
  
  24cf2c6552f4a20512b0cba45880493f1e24cce1f1dbc5f29787e2174d90cdb523804d50e98a3595720efb1c1d8fc15538414c671b710e273811c4d0ccf8dc24
- SSDEEP
  
  24576:OxqT31T6WE6I5jKqosOm+bBNghrofkG0V:Z6WE6IN95+bBNgikG0V
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence