8dab57d2e9589f66c71c4df91d3bad10c877246fa77e4565756fa37be264d527 | Triage

Sharing

General

Target

0d654a221aaffdfb5fae41b86b944cc8_JaffaCakes118
Size

55KB
Sample

241003-cdncessdnf
MD5

0d654a221aaffdfb5fae41b86b944cc8
SHA1

c9a09096a5c4385f9c899f57b0ecfac47a1723a7
SHA256

8dab57d2e9589f66c71c4df91d3bad10c877246fa77e4565756fa37be264d527
SHA512

71900ef7092eb38a7dd8202f48b5acd812a3d5de72b0f3b30600ad27b60eb9eba72014ce40671c9f4f5b97014d8e9bad46e02614c1e8acd43bc17e8c5d744039
SSDEEP

1536:h6eBR82J9hk4cl/9gjv5ubHaFA0HEHO/:sIagjRubHaDEe

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  0d654a221aaffdfb5fae41b86b944cc8_JaffaCakes118
- Size
  
  55KB
- MD5
  
  0d654a221aaffdfb5fae41b86b944cc8
- SHA1
  
  c9a09096a5c4385f9c899f57b0ecfac47a1723a7
- SHA256
  
  8dab57d2e9589f66c71c4df91d3bad10c877246fa77e4565756fa37be264d527
- SHA512
  
  71900ef7092eb38a7dd8202f48b5acd812a3d5de72b0f3b30600ad27b60eb9eba72014ce40671c9f4f5b97014d8e9bad46e02614c1e8acd43bc17e8c5d744039
- SSDEEP
  
  1536:h6eBR82J9hk4cl/9gjv5ubHaFA0HEHO/:sIagjRubHaDEe
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

executionpersistence