f3036870107f97c58ea88766c742f8b7918e204b1094f63058b9f233c0fcdf9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d53830cdda95d72a2ad30bc9a84a453_JaffaCakes118
Size

1.2MB
Sample

241009-jfza2ayemd
MD5

2d53830cdda95d72a2ad30bc9a84a453
SHA1

772245d5db549c346a11b8505758e70a58f34cc5
SHA256

f3036870107f97c58ea88766c742f8b7918e204b1094f63058b9f233c0fcdf9c
SHA512

279562dadc062e8b9eaabecb208afbf524baf34b42df3199674b36750fe8c21eb90499816a1b99a8d6b319438099374f460d63c1aa9c76c68821eb756f8d00b3
SSDEEP

24576:4nClh/VaeYg2EtfZ4xj+Y6SUuuOeWaYYA/6y/wml:4nkt9Yg2sfZ4xj+ZRyIE

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2d53830cdda95d72a2ad30bc9a84a453_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  2d53830cdda95d72a2ad30bc9a84a453
- SHA1
  
  772245d5db549c346a11b8505758e70a58f34cc5
- SHA256
  
  f3036870107f97c58ea88766c742f8b7918e204b1094f63058b9f233c0fcdf9c
- SHA512
  
  279562dadc062e8b9eaabecb208afbf524baf34b42df3199674b36750fe8c21eb90499816a1b99a8d6b319438099374f460d63c1aa9c76c68821eb756f8d00b3
- SSDEEP
  
  24576:4nClh/VaeYg2EtfZ4xj+Y6SUuuOeWaYYA/6y/wml:4nkt9Yg2sfZ4xj+ZRyIE
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence