880999d64ef9755e0f71e37722f43f633225c4e45676d52f3e98c1172ead78bd | Triage

Sharing

General

Target

e0b800ae181fecf4da4378ade7ddb584_JaffaCakes118
Size

44KB
Sample

240914-whtjsaxele
MD5

e0b800ae181fecf4da4378ade7ddb584
SHA1

73073412f60ca70985ccb75743560cd70e836183
SHA256

880999d64ef9755e0f71e37722f43f633225c4e45676d52f3e98c1172ead78bd
SHA512

133b068dc4198992e70fe811d805f81381f824915592f1c41b87489732d83df303d3c4ba3bcc7b1c8239ba9e541ec6cb3e0c22db1841a6c8363e8cf330e9fe4b
SSDEEP

768:+h3hOahQo3idDaY0NO7xXgg/PjcDFRX2hyKRSC:Hocmhiqg/Lc5RSBRSC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  e0b800ae181fecf4da4378ade7ddb584_JaffaCakes118
- Size
  
  44KB
- MD5
  
  e0b800ae181fecf4da4378ade7ddb584
- SHA1
  
  73073412f60ca70985ccb75743560cd70e836183
- SHA256
  
  880999d64ef9755e0f71e37722f43f633225c4e45676d52f3e98c1172ead78bd
- SHA512
  
  133b068dc4198992e70fe811d805f81381f824915592f1c41b87489732d83df303d3c4ba3bcc7b1c8239ba9e541ec6cb3e0c22db1841a6c8363e8cf330e9fe4b
- SSDEEP
  
  768:+h3hOahQo3idDaY0NO7xXgg/PjcDFRX2hyKRSC:Hocmhiqg/Lc5RSBRSC
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence