78b07e1288a9f6255925dc893e6b054536e90d5330df96dc1c4aafe74704bdfe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb9b3357169d781b25841d9de427493a_JaffaCakes118
Size

92KB
Sample

240928-ganw1azbjk
MD5

fb9b3357169d781b25841d9de427493a
SHA1

a871c3df89788e2849f8c76aa4e6820c227ba1d9
SHA256

78b07e1288a9f6255925dc893e6b054536e90d5330df96dc1c4aafe74704bdfe
SHA512

66b6472680d97c326b17c4474eda04040b7139ff5677b988798a3334e7b09cfb297d064d156c010384b1b6ff8a1c3d74a7a89c3d38a72bbba8bdcff201f55c4d
SSDEEP

1536:F34ZYvdiCHD9k+G1Fv661KJpuNMfXofRtUQek8PX6w7LKD5QEFL+gR3uHb9flhOw:F340diS9k+G1Fy61KDuNMfXYRtUQek82

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  fb9b3357169d781b25841d9de427493a_JaffaCakes118
- Size
  
  92KB
- MD5
  
  fb9b3357169d781b25841d9de427493a
- SHA1
  
  a871c3df89788e2849f8c76aa4e6820c227ba1d9
- SHA256
  
  78b07e1288a9f6255925dc893e6b054536e90d5330df96dc1c4aafe74704bdfe
- SHA512
  
  66b6472680d97c326b17c4474eda04040b7139ff5677b988798a3334e7b09cfb297d064d156c010384b1b6ff8a1c3d74a7a89c3d38a72bbba8bdcff201f55c4d
- SSDEEP
  
  1536:F34ZYvdiCHD9k+G1Fv661KJpuNMfXofRtUQek8PX6w7LKD5QEFL+gR3uHb9flhOw:F340diS9k+G1Fy61KDuNMfXYRtUQek82
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence