202b03238891fc5dc5b078d02b9ca9daa26d0c1f338930563d88eca728c5df71 | Triage

Sharing

General

Target

ff8474d470fdc01c846c76a7b8d8e227_JaffaCakes118
Size

966KB
Sample

240929-3qt9lswfkr
MD5

ff8474d470fdc01c846c76a7b8d8e227
SHA1

83335bf4fe9bd1b6a9da68c6db47de241d962fb4
SHA256

202b03238891fc5dc5b078d02b9ca9daa26d0c1f338930563d88eca728c5df71
SHA512

e1863ea8fce0c3af0901443513b0d65b9b792ea5aff9a7c60947f713669e60ed60b778e3dc4aeb5e1d29c554754e471f87f049e4d04bbacee978081130b887f3
SSDEEP

24576:tMMSw3gK+vH1+F0QrOFEk908IkpVd1mqUp+:uZ1KHF0qg9N37d1mtE

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ff8474d470fdc01c846c76a7b8d8e227_JaffaCakes118
- Size
  
  966KB
- MD5
  
  ff8474d470fdc01c846c76a7b8d8e227
- SHA1
  
  83335bf4fe9bd1b6a9da68c6db47de241d962fb4
- SHA256
  
  202b03238891fc5dc5b078d02b9ca9daa26d0c1f338930563d88eca728c5df71
- SHA512
  
  e1863ea8fce0c3af0901443513b0d65b9b792ea5aff9a7c60947f713669e60ed60b778e3dc4aeb5e1d29c554754e471f87f049e4d04bbacee978081130b887f3
- SSDEEP
  
  24576:tMMSw3gK+vH1+F0QrOFEk908IkpVd1mqUp+:uZ1KHF0qg9N37d1mtE
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence