fea63acefa5a9667f861330e52a60e93cb8a28878987ef7f4a1a51824d68528a | Triage

Sharing

General

Target

ea97a6a532bc926e40f2f1da11fb0fd7_JaffaCakes118
Size

260KB
Sample

240919-e6hnra1dmd
MD5

ea97a6a532bc926e40f2f1da11fb0fd7
SHA1

4f6ce97f457de83c78956b4d79f80054736415b6
SHA256

fea63acefa5a9667f861330e52a60e93cb8a28878987ef7f4a1a51824d68528a
SHA512

411ef0b3e69c7cb394a2b37676c2b2798be8ff81ddf48599755a0d27fbdf0bd198b9db01b51497d92cd7b6dda2d9497401870ba1e3b1f5b3348c7d0f68bb8a9c
SSDEEP

3072:+eLeUjGXzojTtWC86tTBfK1tXdO/fCccixj/GZ7XmplPSjZpnlJc/Smg1FXtDGwN:0UkzyTs6tTBzDetEmpnncqr1FXtyhq5

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ea97a6a532bc926e40f2f1da11fb0fd7_JaffaCakes118
- Size
  
  260KB
- MD5
  
  ea97a6a532bc926e40f2f1da11fb0fd7
- SHA1
  
  4f6ce97f457de83c78956b4d79f80054736415b6
- SHA256
  
  fea63acefa5a9667f861330e52a60e93cb8a28878987ef7f4a1a51824d68528a
- SHA512
  
  411ef0b3e69c7cb394a2b37676c2b2798be8ff81ddf48599755a0d27fbdf0bd198b9db01b51497d92cd7b6dda2d9497401870ba1e3b1f5b3348c7d0f68bb8a9c
- SSDEEP
  
  3072:+eLeUjGXzojTtWC86tTBfK1tXdO/fCccixj/GZ7XmplPSjZpnlJc/Smg1FXtDGwN:0UkzyTs6tTBzDetEmpnncqr1FXtyhq5
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence