75d540d98233069e7f65f4f7dfda60ebd2fe308ca518b96057a9432ffa8a8248 | Triage

Sharing

General

Target

defa25f93f0cb000166a1ed5b9a6f176_JaffaCakes118
Size

2.1MB
Sample

240913-1wjnyssala
MD5

defa25f93f0cb000166a1ed5b9a6f176
SHA1

70e5fd8b8082569e26c75292b48ce768cfcd8a73
SHA256

75d540d98233069e7f65f4f7dfda60ebd2fe308ca518b96057a9432ffa8a8248
SHA512

a6069c296f948a13d8a46a68ec37ab0fd6d55f0a21d40b94e2edea0a60488329b218f208821a0ef4593707ed0a6bed5f6299ce95eacc60c9f99ee85c1d2f716e
SSDEEP

49152:e7wShyV2kelsdPhYtQry+6s/XxM3KYNDA/gk2SrTJs:eMSkV2ke2GO6s/hYtDIHrts

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  defa25f93f0cb000166a1ed5b9a6f176_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  defa25f93f0cb000166a1ed5b9a6f176
- SHA1
  
  70e5fd8b8082569e26c75292b48ce768cfcd8a73
- SHA256
  
  75d540d98233069e7f65f4f7dfda60ebd2fe308ca518b96057a9432ffa8a8248
- SHA512
  
  a6069c296f948a13d8a46a68ec37ab0fd6d55f0a21d40b94e2edea0a60488329b218f208821a0ef4593707ed0a6bed5f6299ce95eacc60c9f99ee85c1d2f716e
- SSDEEP
  
  49152:e7wShyV2kelsdPhYtQry+6s/XxM3KYNDA/gk2SrTJs:eMSkV2ke2GO6s/hYtDIHrts
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence