f43dd701ceca3bf22ede13e167ebb7bc7e00bd58a523dbbb29b5bc55b6b39fc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03398554de5502383c0f1da1793e3af0_JaffaCakes118
Size

16KB
Sample

240930-zpe7hsvclr
MD5

03398554de5502383c0f1da1793e3af0
SHA1

882571597d4141549fa8d6b8e2811eae1340ff3b
SHA256

f43dd701ceca3bf22ede13e167ebb7bc7e00bd58a523dbbb29b5bc55b6b39fc7
SHA512

e7b7e7e9646b323e2ffa8b9ed81f577de250eafc0f86d02c066bf6a1876daf86ad6b699856a2d7c21a6dad609b81d38cf3bec6c59fce8a3e5bbace5af75e60d1
SSDEEP

384:JnZXPxyEm8GUrJQlBVbVt3Q1EsoN8aJZLB:xZXPxRm8GoJgBtVt3QOtr

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  03398554de5502383c0f1da1793e3af0_JaffaCakes118
- Size
  
  16KB
- MD5
  
  03398554de5502383c0f1da1793e3af0
- SHA1
  
  882571597d4141549fa8d6b8e2811eae1340ff3b
- SHA256
  
  f43dd701ceca3bf22ede13e167ebb7bc7e00bd58a523dbbb29b5bc55b6b39fc7
- SHA512
  
  e7b7e7e9646b323e2ffa8b9ed81f577de250eafc0f86d02c066bf6a1876daf86ad6b699856a2d7c21a6dad609b81d38cf3bec6c59fce8a3e5bbace5af75e60d1
- SSDEEP
  
  384:JnZXPxyEm8GUrJQlBVbVt3Q1EsoN8aJZLB:xZXPxRm8GoJgBtVt3QOtr
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence