ae0a1c7d701a41d02532e1ce8f716a8b6bd5c92567f39c278fcf9f22209a1d5f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6e350ac1be86bc7d38fcc3539df44e_JaffaCakes118
Size

68KB
Sample

240928-d8s2tsveqk
MD5

fb6e350ac1be86bc7d38fcc3539df44e
SHA1

6a393ffff69881c201075137a78c5a1b046e3632
SHA256

ae0a1c7d701a41d02532e1ce8f716a8b6bd5c92567f39c278fcf9f22209a1d5f
SHA512

f7a8522039a4f511f52c3b8bae601df4f9af02cdac709bb9f15cab2b39bf3fcc74052af6f2116cf4761c3b63a625cf33027e9c7a4805689ef31de9d108f619c4
SSDEEP

768:lq19X3jo7NUcM3IGDuPbAjvxGMO+gd2yQSiGDiB97z8gTf8AImwS+rW6u6i63:lqDo7Nm6JMOZYyjyV87S8WG

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  fb6e350ac1be86bc7d38fcc3539df44e_JaffaCakes118
- Size
  
  68KB
- MD5
  
  fb6e350ac1be86bc7d38fcc3539df44e
- SHA1
  
  6a393ffff69881c201075137a78c5a1b046e3632
- SHA256
  
  ae0a1c7d701a41d02532e1ce8f716a8b6bd5c92567f39c278fcf9f22209a1d5f
- SHA512
  
  f7a8522039a4f511f52c3b8bae601df4f9af02cdac709bb9f15cab2b39bf3fcc74052af6f2116cf4761c3b63a625cf33027e9c7a4805689ef31de9d108f619c4
- SSDEEP
  
  768:lq19X3jo7NUcM3IGDuPbAjvxGMO+gd2yQSiGDiB97z8gTf8AImwS+rW6u6i63:lqDo7Nm6JMOZYyjyV87S8WG
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence