9d5acaa99f6bdf086171a0a7b03975ade369698787539f81fa98a03d23b1bf53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bf476871aa07d701d385a92a75132d4_JaffaCakes118
Size

165KB
Sample

241009-ghvdrayfld
MD5

2bf476871aa07d701d385a92a75132d4
SHA1

92c54bd1a3d365ed3aed28acee302c2827c1bb7f
SHA256

9d5acaa99f6bdf086171a0a7b03975ade369698787539f81fa98a03d23b1bf53
SHA512

ecf4b8b810f41300180ca6cc4ba4322e1bf73b0abb1f8c4eed18a3ea6c9800263ef1816f070fce6f55301902ca21329bc660d587eb7c7bda57477ae78b25f3c1
SSDEEP

3072:94HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:eiI/PlY37ZLF4Ca6WABqBOvs

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2bf476871aa07d701d385a92a75132d4_JaffaCakes118
- Size
  
  165KB
- MD5
  
  2bf476871aa07d701d385a92a75132d4
- SHA1
  
  92c54bd1a3d365ed3aed28acee302c2827c1bb7f
- SHA256
  
  9d5acaa99f6bdf086171a0a7b03975ade369698787539f81fa98a03d23b1bf53
- SHA512
  
  ecf4b8b810f41300180ca6cc4ba4322e1bf73b0abb1f8c4eed18a3ea6c9800263ef1816f070fce6f55301902ca21329bc660d587eb7c7bda57477ae78b25f3c1
- SSDEEP
  
  3072:94HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:eiI/PlY37ZLF4Ca6WABqBOvs
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2