e72bb2f20c67d11123d384bd937f198c8acf4b6ef47a8ecfe9c64f27b620f2f3 | Triage

Sharing

General

Target

56d8ce1b5f585b580d22afa8aaafcd37_JaffaCakes118
Size

839KB
Sample

241018-l58xwateln
MD5

56d8ce1b5f585b580d22afa8aaafcd37
SHA1

da939fde7d3f60360b42455795e92f57f6ad6b79
SHA256

e72bb2f20c67d11123d384bd937f198c8acf4b6ef47a8ecfe9c64f27b620f2f3
SHA512

3b4272a4334a4a0b0d066f3f4974feaad0c7390e41319614aca12237be2e46cbfe64798b1d042038ad849bf582aadd3c6371ff743b6b0b1361dd3e54b6867341
SSDEEP

12288:a00w9lxYPxQYFsVL9gNTbXIe/N9jvX7+RoDSHBptaJ/UeIfHea1YrK1yxLuAmf0:N0wCTh3jzCoDSXtM7auK1yLuNfp

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  56d8ce1b5f585b580d22afa8aaafcd37_JaffaCakes118
- Size
  
  839KB
- MD5
  
  56d8ce1b5f585b580d22afa8aaafcd37
- SHA1
  
  da939fde7d3f60360b42455795e92f57f6ad6b79
- SHA256
  
  e72bb2f20c67d11123d384bd937f198c8acf4b6ef47a8ecfe9c64f27b620f2f3
- SHA512
  
  3b4272a4334a4a0b0d066f3f4974feaad0c7390e41319614aca12237be2e46cbfe64798b1d042038ad849bf582aadd3c6371ff743b6b0b1361dd3e54b6867341
- SSDEEP
  
  12288:a00w9lxYPxQYFsVL9gNTbXIe/N9jvX7+RoDSHBptaJ/UeIfHea1YrK1yxLuAmf0:N0wCTh3jzCoDSXtM7auK1yLuNfp
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence