6ed1218e53f9915dc4fe20aebceffbf2527f5135d1e69cbeaff76390a99e2cff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118
Size

220KB
Sample

241003-shlx6avelc
MD5

0f4d51aa78e3fcb5a43fea7f5b515b00
SHA1

ce38c0fdc1aa03d142f7e8862c1375e4dd2964c9
SHA256

6ed1218e53f9915dc4fe20aebceffbf2527f5135d1e69cbeaff76390a99e2cff
SHA512

2e280d2e6afa106131b4163a01d8fc37733ca67fde0224071931e0861b7ac729e8fac11c131cbc251bed4cc9ce7314d0950edd8a4697abee8850aeea248c2da9
SSDEEP

6144:HJL3tUPwP1HbRM8ZcgGGughEP291LJq8M5Km3fIs:pBUPwkkTGGughEOo8MXAs

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118
- Size
  
  220KB
- MD5
  
  0f4d51aa78e3fcb5a43fea7f5b515b00
- SHA1
  
  ce38c0fdc1aa03d142f7e8862c1375e4dd2964c9
- SHA256
  
  6ed1218e53f9915dc4fe20aebceffbf2527f5135d1e69cbeaff76390a99e2cff
- SHA512
  
  2e280d2e6afa106131b4163a01d8fc37733ca67fde0224071931e0861b7ac729e8fac11c131cbc251bed4cc9ce7314d0950edd8a4697abee8850aeea248c2da9
- SSDEEP
  
  6144:HJL3tUPwP1HbRM8ZcgGGughEP291LJq8M5Km3fIs:pBUPwkkTGGughEOo8MXAs
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence