fe4f95a0ff8e4b359bdea8d74a368c4fba3e37cf46e8d880df15c9665f3cb3ea | Triage

Sharing

General

Target

303c7c1d665c1ded8d5b0afe5fb427ee_JaffaCakes118
Size

112KB
Sample

241010-rb8mxaygle
MD5

303c7c1d665c1ded8d5b0afe5fb427ee
SHA1

6026a0ccbbff06f9209fde5c014a3d7ace03831a
SHA256

fe4f95a0ff8e4b359bdea8d74a368c4fba3e37cf46e8d880df15c9665f3cb3ea
SHA512

848505fe3ddbc026d55cfa99c9585e41114759d82d44a64cd8549b2d8ce37d118b4f2c347419e65a53c117d2cba9fe0327643dcd1cfe4fd6a6e7f0b6b8087266
SSDEEP

384:Bg0iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiJ+0iiiiiiiiiiiiiik:BIJSCQ3SizKcE/XWXH

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  303c7c1d665c1ded8d5b0afe5fb427ee_JaffaCakes118
- Size
  
  112KB
- MD5
  
  303c7c1d665c1ded8d5b0afe5fb427ee
- SHA1
  
  6026a0ccbbff06f9209fde5c014a3d7ace03831a
- SHA256
  
  fe4f95a0ff8e4b359bdea8d74a368c4fba3e37cf46e8d880df15c9665f3cb3ea
- SHA512
  
  848505fe3ddbc026d55cfa99c9585e41114759d82d44a64cd8549b2d8ce37d118b4f2c347419e65a53c117d2cba9fe0327643dcd1cfe4fd6a6e7f0b6b8087266
- SSDEEP
  
  384:Bg0iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiJ+0iiiiiiiiiiiiiik:BIJSCQ3SizKcE/XWXH
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence