edeb5bbaae577e44633b34e28bbdbf2094c0981d70d8cc6f735676643b92319a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04f3a29f36f81120f56002019599c8bb_JaffaCakes118
Size

243KB
Sample

241001-jxpg6ayfll
MD5

04f3a29f36f81120f56002019599c8bb
SHA1

ee0c5aca9845192f8a1f77dba20b23e54740e8e5
SHA256

edeb5bbaae577e44633b34e28bbdbf2094c0981d70d8cc6f735676643b92319a
SHA512

e47f18dfa0c87f913dd07f3584b14f47fb14e064602dbc89fca0f246e82b808098f0f9b8cf8fedfdf79c7b2e98ea92c228d07c27e4d1ba08169db975a37f9944
SSDEEP

3072:GaObYrSD4kjua2DH4xWe5GWp1icKAArDZz4N9GhbkrNEk11YOA6g+cso6enR9PUz:GaKMSD4YuaeMp0yN90QERxb+c8AV+tc

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  04f3a29f36f81120f56002019599c8bb_JaffaCakes118
- Size
  
  243KB
- MD5
  
  04f3a29f36f81120f56002019599c8bb
- SHA1
  
  ee0c5aca9845192f8a1f77dba20b23e54740e8e5
- SHA256
  
  edeb5bbaae577e44633b34e28bbdbf2094c0981d70d8cc6f735676643b92319a
- SHA512
  
  e47f18dfa0c87f913dd07f3584b14f47fb14e064602dbc89fca0f246e82b808098f0f9b8cf8fedfdf79c7b2e98ea92c228d07c27e4d1ba08169db975a37f9944
- SSDEEP
  
  3072:GaObYrSD4kjua2DH4xWe5GWp1icKAArDZz4N9GhbkrNEk11YOA6g+cso6enR9PUz:GaKMSD4YuaeMp0yN90QERxb+c8AV+tc
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence