12cf5ce7f8853947dad6853c942edc4a03e201b9995871828b97824861b6054b | Triage

Sharing

General

Target

462d0b018b21abd17a431079705cfc4d_JaffaCakes118
Size

60KB
Sample

241015-gqchxaydnc
MD5

462d0b018b21abd17a431079705cfc4d
SHA1

0d6b7671c8c57daf48e3c642c815f0430d5d698e
SHA256

12cf5ce7f8853947dad6853c942edc4a03e201b9995871828b97824861b6054b
SHA512

bbd6ca9c18759a39855286a882f84201adf37c287def138d9cbace52d37e19e23808ced552cf6249dcacb322bd582a6191ae4fd46dcbb790a278c5c5e215281a
SSDEEP

1536:b7sIiX7vfOMXgzuSM8TWbp7pnDCP8MmiLpP9HKDAI0gb:b7s6RP9HKnb

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  462d0b018b21abd17a431079705cfc4d_JaffaCakes118
- Size
  
  60KB
- MD5
  
  462d0b018b21abd17a431079705cfc4d
- SHA1
  
  0d6b7671c8c57daf48e3c642c815f0430d5d698e
- SHA256
  
  12cf5ce7f8853947dad6853c942edc4a03e201b9995871828b97824861b6054b
- SHA512
  
  bbd6ca9c18759a39855286a882f84201adf37c287def138d9cbace52d37e19e23808ced552cf6249dcacb322bd582a6191ae4fd46dcbb790a278c5c5e215281a
- SSDEEP
  
  1536:b7sIiX7vfOMXgzuSM8TWbp7pnDCP8MmiLpP9HKDAI0gb:b7s6RP9HKnb
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence