d6987124b3688bf43b82c9a28a28f0322f28e4256c323cb296ff8c55e6cec800 | Triage

Sharing

General

Target

0135ed6e8402bfffca7678ccb611c700_JaffaCakes118
Size

192KB
Sample

240930-n7116ayclb
MD5

0135ed6e8402bfffca7678ccb611c700
SHA1

e65fe4fe86c6ca570efeae42aced0c88d5ba8b56
SHA256

d6987124b3688bf43b82c9a28a28f0322f28e4256c323cb296ff8c55e6cec800
SHA512

1ec530d31bb96cf2390413c6a2cacb5e102fc2e54c5d8a895533b0e7382dd72f71a8e244f4597ced243dc1deddf5c5bf37aaa1c6d3b3c03207fb4c152e8bed78
SSDEEP

3072:z/na6WDmrZ5Cn79xvlr2xmOJ5wUuWXcfb0hw7IACb873684yVcx566/znEV/IEeC:z/nuDm9knmhJ4/sMLuO6/zGeEf

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  0135ed6e8402bfffca7678ccb611c700_JaffaCakes118
- Size
  
  192KB
- MD5
  
  0135ed6e8402bfffca7678ccb611c700
- SHA1
  
  e65fe4fe86c6ca570efeae42aced0c88d5ba8b56
- SHA256
  
  d6987124b3688bf43b82c9a28a28f0322f28e4256c323cb296ff8c55e6cec800
- SHA512
  
  1ec530d31bb96cf2390413c6a2cacb5e102fc2e54c5d8a895533b0e7382dd72f71a8e244f4597ced243dc1deddf5c5bf37aaa1c6d3b3c03207fb4c152e8bed78
- SSDEEP
  
  3072:z/na6WDmrZ5Cn79xvlr2xmOJ5wUuWXcfb0hw7IACb873684yVcx566/znEV/IEeC:z/nuDm9knmhJ4/sMLuO6/zGeEf
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence