11574e844ebef2a6efb8d3388286034f91d0fd349686c75b51f90d5cbc602c2b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eea22b82f495defd278430bb2172f327_JaffaCakes118
Size

50KB
Sample

240920-3dg4hsthnr
MD5

eea22b82f495defd278430bb2172f327
SHA1

ac681c0720ce43f71e75f9fa96240409fc081619
SHA256

11574e844ebef2a6efb8d3388286034f91d0fd349686c75b51f90d5cbc602c2b
SHA512

ebf80c1ec2ca0b40ce64e4a355944c4cebe7996cfdeaf5cebab7ccd13c5f141538d4556ff7b8cbe486b5b2606ac5947e95288c3e86a3ab8baee4fff1b5763937
SSDEEP

768:5PkkvH81WUlPw2RJkkT1Z5JbDDNWus0WVxlL3xSOSVPylUzMKinQ1Q8jPsahM:JvHYWUl5nT1BbDDaVLLhYpyjvnQOQh

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  eea22b82f495defd278430bb2172f327_JaffaCakes118
- Size
  
  50KB
- MD5
  
  eea22b82f495defd278430bb2172f327
- SHA1
  
  ac681c0720ce43f71e75f9fa96240409fc081619
- SHA256
  
  11574e844ebef2a6efb8d3388286034f91d0fd349686c75b51f90d5cbc602c2b
- SHA512
  
  ebf80c1ec2ca0b40ce64e4a355944c4cebe7996cfdeaf5cebab7ccd13c5f141538d4556ff7b8cbe486b5b2606ac5947e95288c3e86a3ab8baee4fff1b5763937
- SSDEEP
  
  768:5PkkvH81WUlPw2RJkkT1Z5JbDDNWus0WVxlL3xSOSVPylUzMKinQ1Q8jPsahM:JvHYWUl5nT1BbDDaVLLhYpyjvnQOQh
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence