5661f5046ab903945ad3b06780382d06e57f30eba08d7d32584cef256b4eb205 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

253895d0f753b43c6ac23030543a317f_JaffaCakes118
Size

414KB
Sample

241008-zkrdzsyemh
MD5

253895d0f753b43c6ac23030543a317f
SHA1

a50eaa802bcf918bf05d15447cc85f5193343e36
SHA256

5661f5046ab903945ad3b06780382d06e57f30eba08d7d32584cef256b4eb205
SHA512

a4e9d91f147d2922aaec35d386050822b7b090bf33f506df2defcde22415f902bf71c912dc6ca5681539df9f39ffadbfa139efccba0fc6180a87297d5e898ea1
SSDEEP

12288:n7/CbvBkSiu436qv618YBHkNBX6jH7v+ug:n7abJkS1S6qy18sQBX6H+/

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  253895d0f753b43c6ac23030543a317f_JaffaCakes118
- Size
  
  414KB
- MD5
  
  253895d0f753b43c6ac23030543a317f
- SHA1
  
  a50eaa802bcf918bf05d15447cc85f5193343e36
- SHA256
  
  5661f5046ab903945ad3b06780382d06e57f30eba08d7d32584cef256b4eb205
- SHA512
  
  a4e9d91f147d2922aaec35d386050822b7b090bf33f506df2defcde22415f902bf71c912dc6ca5681539df9f39ffadbfa139efccba0fc6180a87297d5e898ea1
- SSDEEP
  
  12288:n7/CbvBkSiu436qv618YBHkNBX6jH7v+ug:n7abJkS1S6qy18sQBX6H+/
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence