add205d0c68984196bbc36a34833b3816bc41a63bb0638c3b3c7236df140b1f8 | Triage

Sharing

General

Target

eac3b5c8b29a2da696b3bfe4f3f062a0_JaffaCakes118
Size

88KB
Sample

240919-hadlpsvhlj
MD5

eac3b5c8b29a2da696b3bfe4f3f062a0
SHA1

a80f593f0b42942eeabacf03597993d444569578
SHA256

add205d0c68984196bbc36a34833b3816bc41a63bb0638c3b3c7236df140b1f8
SHA512

0fc46a6ad57e54424f8582bc9292b80f3f94c8e2588e96856b5ca52411c381195d3a9ce7daaf4f35b9556897a1d4e84ab85860472c274fdbf5d00caff3c591f2
SSDEEP

1536:by+/zjdvA8I3eLQAJxa7gRBVBYgLle3li/6AZWIGDVW2Oy:++U3GnxpBVBYgLAVi/6AZWIGDVW2

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eac3b5c8b29a2da696b3bfe4f3f062a0_JaffaCakes118
- Size
  
  88KB
- MD5
  
  eac3b5c8b29a2da696b3bfe4f3f062a0
- SHA1
  
  a80f593f0b42942eeabacf03597993d444569578
- SHA256
  
  add205d0c68984196bbc36a34833b3816bc41a63bb0638c3b3c7236df140b1f8
- SHA512
  
  0fc46a6ad57e54424f8582bc9292b80f3f94c8e2588e96856b5ca52411c381195d3a9ce7daaf4f35b9556897a1d4e84ab85860472c274fdbf5d00caff3c591f2
- SSDEEP
  
  1536:by+/zjdvA8I3eLQAJxa7gRBVBYgLle3li/6AZWIGDVW2Oy:++U3GnxpBVBYgLAVi/6AZWIGDVW2
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence