eeaf1f1ff3a6b2da87a5ac8d34d3ae99c1ab4d4a6daef19e501c0b2182f09d26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05f0f77803f025a417f11642e99dac57_JaffaCakes118
Size

68KB
Sample

241001-qex5xa1djr
MD5

05f0f77803f025a417f11642e99dac57
SHA1

b9d0b79f60c5ec755bf0427fc219eaf334d6bdfa
SHA256

eeaf1f1ff3a6b2da87a5ac8d34d3ae99c1ab4d4a6daef19e501c0b2182f09d26
SHA512

81059988341647bfcc8feef8a6d2902d7d1212ba9b910223b1e231c902ea8a5dbfed7c3279fab6cc71594af6f5082efc2ca3987140947ede25f79481ee12fd2c
SSDEEP

1536:vSr/Dl62J/D3UDa1eqyw4rlI0omzxsHGZ+epscKB2+mI:vG/Dl6grzIzwc9oonZt9g2+mI

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  05f0f77803f025a417f11642e99dac57_JaffaCakes118
- Size
  
  68KB
- MD5
  
  05f0f77803f025a417f11642e99dac57
- SHA1
  
  b9d0b79f60c5ec755bf0427fc219eaf334d6bdfa
- SHA256
  
  eeaf1f1ff3a6b2da87a5ac8d34d3ae99c1ab4d4a6daef19e501c0b2182f09d26
- SHA512
  
  81059988341647bfcc8feef8a6d2902d7d1212ba9b910223b1e231c902ea8a5dbfed7c3279fab6cc71594af6f5082efc2ca3987140947ede25f79481ee12fd2c
- SSDEEP
  
  1536:vSr/Dl62J/D3UDa1eqyw4rlI0omzxsHGZ+epscKB2+mI:vG/Dl6grzIzwc9oonZt9g2+mI
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence