1bec544b003c47f4347d1a4b21811f44c85fe8dcb83d7ac82a076784919119b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5b72fa3bf9a34b4c03565e3bfbbdc05_JaffaCakes118
Size

122KB
Sample

240925-lj5y4axhmr
MD5

f5b72fa3bf9a34b4c03565e3bfbbdc05
SHA1

7475946fcd75e2190498ac8e065604c8c5f93807
SHA256

1bec544b003c47f4347d1a4b21811f44c85fe8dcb83d7ac82a076784919119b7
SHA512

b81f4a160794ee6570daf6d8f16a222bc1906c1a9ae80ed9f55038983f44a34e843b66e025d6bae1d8832ca1e3f80f68e1c68eb3a9088bf50843281f66cf1398
SSDEEP

3072:dhHhFKBy0VbrefHFwkjhoHmLdXN3PcujOrZi1Wo:PHhFKBy+bKflwEam5XRNwM

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f5b72fa3bf9a34b4c03565e3bfbbdc05_JaffaCakes118
- Size
  
  122KB
- MD5
  
  f5b72fa3bf9a34b4c03565e3bfbbdc05
- SHA1
  
  7475946fcd75e2190498ac8e065604c8c5f93807
- SHA256
  
  1bec544b003c47f4347d1a4b21811f44c85fe8dcb83d7ac82a076784919119b7
- SHA512
  
  b81f4a160794ee6570daf6d8f16a222bc1906c1a9ae80ed9f55038983f44a34e843b66e025d6bae1d8832ca1e3f80f68e1c68eb3a9088bf50843281f66cf1398
- SSDEEP
  
  3072:dhHhFKBy0VbrefHFwkjhoHmLdXN3PcujOrZi1Wo:PHhFKBy+bKflwEam5XRNwM
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence