cdf11eb07e199d3b0d6880a7379455c2a23d0951577c1384bc2cbf38fc3f3acc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28cb1c333e92298919780b46acba66e3_JaffaCakes118
Size

233KB
Sample

241009-cc6gls1epr
MD5

28cb1c333e92298919780b46acba66e3
SHA1

20d6043acf86f8b46c8154bf41ecd05741a648c5
SHA256

cdf11eb07e199d3b0d6880a7379455c2a23d0951577c1384bc2cbf38fc3f3acc
SHA512

d2444d7ceb719ef805630a21e9bc565f364597699e6c8fbaa0d6735a6d092fce692210afad008b7d47fd576120fded2450a8ee3a4be0b7be95e2cd6cc2a9cee5
SSDEEP

3072:ncbUwh4pa0kFRAe/oNe2S+Mr7+SU5sxHo/YEEfQRb8KD090Jo0zhUHAAd77w/x:UOvkFqYogphriSUuANh0AuAA

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  28cb1c333e92298919780b46acba66e3_JaffaCakes118
- Size
  
  233KB
- MD5
  
  28cb1c333e92298919780b46acba66e3
- SHA1
  
  20d6043acf86f8b46c8154bf41ecd05741a648c5
- SHA256
  
  cdf11eb07e199d3b0d6880a7379455c2a23d0951577c1384bc2cbf38fc3f3acc
- SHA512
  
  d2444d7ceb719ef805630a21e9bc565f364597699e6c8fbaa0d6735a6d092fce692210afad008b7d47fd576120fded2450a8ee3a4be0b7be95e2cd6cc2a9cee5
- SSDEEP
  
  3072:ncbUwh4pa0kFRAe/oNe2S+Mr7+SU5sxHo/YEEfQRb8KD090Jo0zhUHAAd77w/x:UOvkFqYogphriSUuANh0AuAA
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence