52599d76fe2b8f6cdcf5a32a5e78374e16fb86969097c23c2f531b73eacb624d | Triage

Sharing

General

Target

f5e86ffacb65dcda5e425a5235018bb0_JaffaCakes118
Size

476KB
Sample

240925-nktzbswdjg
MD5

f5e86ffacb65dcda5e425a5235018bb0
SHA1

5350e5dc510ae2d395e96f036de57159d1a2c5f7
SHA256

52599d76fe2b8f6cdcf5a32a5e78374e16fb86969097c23c2f531b73eacb624d
SHA512

30edec9295eda52f53dff172c6fa6875d9cb192a10fd902b7070534dad0795a582a9286aa6fbaf4169464dcc610be36642493e122e962893503a4d477d66494a
SSDEEP

6144:TUw5etIDfEBJ1hel9AiYUdKsdyq1vR6sMr1X5r33fLRbhn7X5aX+pvQU2H:TUoetgIJ1hh0dhJgrJdvDU+T2

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  f5e86ffacb65dcda5e425a5235018bb0_JaffaCakes118
- Size
  
  476KB
- MD5
  
  f5e86ffacb65dcda5e425a5235018bb0
- SHA1
  
  5350e5dc510ae2d395e96f036de57159d1a2c5f7
- SHA256
  
  52599d76fe2b8f6cdcf5a32a5e78374e16fb86969097c23c2f531b73eacb624d
- SHA512
  
  30edec9295eda52f53dff172c6fa6875d9cb192a10fd902b7070534dad0795a582a9286aa6fbaf4169464dcc610be36642493e122e962893503a4d477d66494a
- SSDEEP
  
  6144:TUw5etIDfEBJ1hel9AiYUdKsdyq1vR6sMr1X5r33fLRbhn7X5aX+pvQU2H:TUoetgIJ1hh0dhJgrJdvDU+T2
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence