5a7eea6bad4bb30b48ad284784e5814be4533812aea6767571bac1fa304965b0 | Triage

Sharing

General

Target

eaae7f38e3be58b28bfeb2e7fb675a59_JaffaCakes118
Size

294KB
Sample

240919-gabxfataqd
MD5

eaae7f38e3be58b28bfeb2e7fb675a59
SHA1

26e8cc4f9166552b230d337dd82f51d42cc38b57
SHA256

5a7eea6bad4bb30b48ad284784e5814be4533812aea6767571bac1fa304965b0
SHA512

df5435d7dd1fabf075786ed0e4723fc4a9a4e9927d9ed1e3ee08a0592e3416da5fb51874624437c1ff52f558d7a36157f8f8fed64e1bf5c7f6d9bd43378daa61
SSDEEP

6144:uGxDoQSV9eDd5i4zEiQYRHtAFJl5UHa3/2D9nl9JvmVyhCwt:cQS7AdhBE263+D9nPJ+VyhCwt

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eaae7f38e3be58b28bfeb2e7fb675a59_JaffaCakes118
- Size
  
  294KB
- MD5
  
  eaae7f38e3be58b28bfeb2e7fb675a59
- SHA1
  
  26e8cc4f9166552b230d337dd82f51d42cc38b57
- SHA256
  
  5a7eea6bad4bb30b48ad284784e5814be4533812aea6767571bac1fa304965b0
- SHA512
  
  df5435d7dd1fabf075786ed0e4723fc4a9a4e9927d9ed1e3ee08a0592e3416da5fb51874624437c1ff52f558d7a36157f8f8fed64e1bf5c7f6d9bd43378daa61
- SSDEEP
  
  6144:uGxDoQSV9eDd5i4zEiQYRHtAFJl5UHa3/2D9nl9JvmVyhCwt:cQS7AdhBE263+D9nPJ+VyhCwt
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence