8bb0235f49c3f56f31c740eaae138420dbe467d778aa95bae1543d340959f20d | Triage

Sharing

General

Target

3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118
Size

196KB
Sample

241013-m17dxssgmg
MD5

3f74f529002363fa9a3a9c5c1103c3c7
SHA1

028296c4585fa8a789f538a27ba45db560a9bc1b
SHA256

8bb0235f49c3f56f31c740eaae138420dbe467d778aa95bae1543d340959f20d
SHA512

00314190f02aa6b7216b49971a7d9b5849d51c6e8291795f5fb9768257e4874db954d895750c245cbec85aa42a09cac6337827a8539cf1202cb1a202d18c04d7
SSDEEP

3072:HQIerxAAwNqN/Yijo5VgdXM54h+d/NrMoDj6bU/5bVO/fWIq450lTjz3tJGPbzwL:hkWmgik4d+40hN1DjCids/e5mAzv

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118
- Size
  
  196KB
- MD5
  
  3f74f529002363fa9a3a9c5c1103c3c7
- SHA1
  
  028296c4585fa8a789f538a27ba45db560a9bc1b
- SHA256
  
  8bb0235f49c3f56f31c740eaae138420dbe467d778aa95bae1543d340959f20d
- SHA512
  
  00314190f02aa6b7216b49971a7d9b5849d51c6e8291795f5fb9768257e4874db954d895750c245cbec85aa42a09cac6337827a8539cf1202cb1a202d18c04d7
- SSDEEP
  
  3072:HQIerxAAwNqN/Yijo5VgdXM54h+d/NrMoDj6bU/5bVO/fWIq450lTjz3tJGPbzwL:hkWmgik4d+40hN1DjCids/e5mAzv
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence