79787c2816e02177955d1f87795b73d03856d858b4f1ad96754f95f996a678ec | Triage

Sharing

General

Target

f00f1e36c9c4799fbdd294c51cdded8e_JaffaCakes118
Size

32KB
Sample

240921-sh5p9sygnj
MD5

f00f1e36c9c4799fbdd294c51cdded8e
SHA1

5bd0ff8ca8b7f2208dc018af7eae3deb6d66c7fc
SHA256

79787c2816e02177955d1f87795b73d03856d858b4f1ad96754f95f996a678ec
SHA512

4f7ef81041cefe7c4e3236502c86ae63f0625ce24d3c9644c0befb283dd4cf0149d060445ec1574ec6eef15a5f54e9957d3712c2d16b5999a15126dc79c470d5
SSDEEP

384:RW0zDIDbcO9FR8RzbBqkKCviu305EOcS11pVcM:XzDZOnWhviu306Zb

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f00f1e36c9c4799fbdd294c51cdded8e_JaffaCakes118
- Size
  
  32KB
- MD5
  
  f00f1e36c9c4799fbdd294c51cdded8e
- SHA1
  
  5bd0ff8ca8b7f2208dc018af7eae3deb6d66c7fc
- SHA256
  
  79787c2816e02177955d1f87795b73d03856d858b4f1ad96754f95f996a678ec
- SHA512
  
  4f7ef81041cefe7c4e3236502c86ae63f0625ce24d3c9644c0befb283dd4cf0149d060445ec1574ec6eef15a5f54e9957d3712c2d16b5999a15126dc79c470d5
- SSDEEP
  
  384:RW0zDIDbcO9FR8RzbBqkKCviu305EOcS11pVcM:XzDZOnWhviu306Zb
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence