9b6247e71ab6026c5622b3b27627205072ce2bc6ac7043fc1d27d13261faa9cd | Triage

Sharing

General

Target

eb1f0d66d83d6c92aca7f5488487c606_JaffaCakes118
Size

89KB
Sample

240919-maz7xstakf
MD5

eb1f0d66d83d6c92aca7f5488487c606
SHA1

1eb75c48fabbb85894ded839e6a6da73a702d594
SHA256

9b6247e71ab6026c5622b3b27627205072ce2bc6ac7043fc1d27d13261faa9cd
SHA512

6de9c5d7fbd28f51682c72ef40178a3a8beda48ec165cae2a0d4510d28335dac979265d449d8e3a397b881f2d9c714fe5de18d9832e449edce6e517128180cd2
SSDEEP

1536:20sq3eLAW97ti/usXNuAdQgYK/qlhvnNTslSAg75FShpRrufceK+ZCl:gd97ti/39UR6q/NTsleHSnVhV+ZCl

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eb1f0d66d83d6c92aca7f5488487c606_JaffaCakes118
- Size
  
  89KB
- MD5
  
  eb1f0d66d83d6c92aca7f5488487c606
- SHA1
  
  1eb75c48fabbb85894ded839e6a6da73a702d594
- SHA256
  
  9b6247e71ab6026c5622b3b27627205072ce2bc6ac7043fc1d27d13261faa9cd
- SHA512
  
  6de9c5d7fbd28f51682c72ef40178a3a8beda48ec165cae2a0d4510d28335dac979265d449d8e3a397b881f2d9c714fe5de18d9832e449edce6e517128180cd2
- SSDEEP
  
  1536:20sq3eLAW97ti/usXNuAdQgYK/qlhvnNTslSAg75FShpRrufceK+ZCl:gd97ti/39UR6q/NTsleHSnVhV+ZCl
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence