f6fd6a913d7a2a25e0049b9d1c3b198c76c6b7e7fec36199dd6d3f2f83876109 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

071d2540d95a1dbcb93b0709ad7c1965_JaffaCakes118
Size

35KB
Sample

241001-x7xs6swhlp
MD5

071d2540d95a1dbcb93b0709ad7c1965
SHA1

9bade590a008e1255976ce99bfd94ed495782581
SHA256

f6fd6a913d7a2a25e0049b9d1c3b198c76c6b7e7fec36199dd6d3f2f83876109
SHA512

2b021bebb0374833c2e645853cbcf660bba19f13c1f8ff4b43b887519e15d74f96a3260de271d10854b014faedd3eaa9a575826bd9bf2d0a94e0f04cbada365b
SSDEEP

768:CcUQGhgGXvDdvlGHzLQ/bdJcBdoFr7tzpbmmVc8XXL2o6:jlG9XhvlQU/bd8SF71pymdL2x

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  071d2540d95a1dbcb93b0709ad7c1965_JaffaCakes118
- Size
  
  35KB
- MD5
  
  071d2540d95a1dbcb93b0709ad7c1965
- SHA1
  
  9bade590a008e1255976ce99bfd94ed495782581
- SHA256
  
  f6fd6a913d7a2a25e0049b9d1c3b198c76c6b7e7fec36199dd6d3f2f83876109
- SHA512
  
  2b021bebb0374833c2e645853cbcf660bba19f13c1f8ff4b43b887519e15d74f96a3260de271d10854b014faedd3eaa9a575826bd9bf2d0a94e0f04cbada365b
- SSDEEP
  
  768:CcUQGhgGXvDdvlGHzLQ/bdJcBdoFr7tzpbmmVc8XXL2o6:jlG9XhvlQU/bd8SF71pymdL2x
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence