c214aab9800f46dda4a49c4c6a541fb97eca295ad44351c0b40a4e6dc76f22c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a8496eddf542c8c166959a8afc4e78_JaffaCakes118
Size

34KB
Sample

241009-djqkeaxhmr
MD5

29a8496eddf542c8c166959a8afc4e78
SHA1

c364f91e64cc1c022797a4c673a71481e28740e4
SHA256

c214aab9800f46dda4a49c4c6a541fb97eca295ad44351c0b40a4e6dc76f22c3
SHA512

feb9c9ed2c802662722f39b97c80b4d9d9e7533b1a61f074b6d069b1d334c3d8c9ab3193cb79cd9c8787ec25870accf9c1570343cb9c09865efcf564e27ea975
SSDEEP

768:EQGizuTiIzKZZ/Q/ISvd/SaLZ3Ph1nYT3V6Ltv4qv7jZpL+iLq:7VEa0dlLZfhObQjTjuj

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  29a8496eddf542c8c166959a8afc4e78_JaffaCakes118
- Size
  
  34KB
- MD5
  
  29a8496eddf542c8c166959a8afc4e78
- SHA1
  
  c364f91e64cc1c022797a4c673a71481e28740e4
- SHA256
  
  c214aab9800f46dda4a49c4c6a541fb97eca295ad44351c0b40a4e6dc76f22c3
- SHA512
  
  feb9c9ed2c802662722f39b97c80b4d9d9e7533b1a61f074b6d069b1d334c3d8c9ab3193cb79cd9c8787ec25870accf9c1570343cb9c09865efcf564e27ea975
- SSDEEP
  
  768:EQGizuTiIzKZZ/Q/ISvd/SaLZ3Ph1nYT3V6Ltv4qv7jZpL+iLq:7VEa0dlLZfhObQjTjuj
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence