gh0strat | b67a1169dfae45ce315ba11d9b130625d89d06624ae7e53004d602050e352cec | Triage

Sharing

General

Target

JaffaCakes118_50cd538dfa309cc6b7c4460340a9d6aa
Size

131KB
Sample

250305-gnzwes1kx5
MD5

50cd538dfa309cc6b7c4460340a9d6aa
SHA1

1c39d40af0ff6459dc00265a9f07f4dd102ffa14
SHA256

b67a1169dfae45ce315ba11d9b130625d89d06624ae7e53004d602050e352cec
SHA512

e0ace63c10b71020880181e811bb81e8892036b360f741422809365afc26755095ca3f9724c9c972a0157c5b5fa194d0e4a3af377cbcbbb5841ccdaf4886749e
SSDEEP

1536:ALXB65939tY6HBg4sXJaoqZczuRuIpEWFu2blDleDRgE/Ewkg/uJ+f3N0hUY:ALk395hYXJ8yqRuIpEaTDl8gEcI/hyF

Score

10^/10

gh0strat discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_50cd538dfa309cc6b7c4460340a9d6aa
- Size
  
  131KB
- MD5
  
  50cd538dfa309cc6b7c4460340a9d6aa
- SHA1
  
  1c39d40af0ff6459dc00265a9f07f4dd102ffa14
- SHA256
  
  b67a1169dfae45ce315ba11d9b130625d89d06624ae7e53004d602050e352cec
- SHA512
  
  e0ace63c10b71020880181e811bb81e8892036b360f741422809365afc26755095ca3f9724c9c972a0157c5b5fa194d0e4a3af377cbcbbb5841ccdaf4886749e
- SSDEEP
  
  1536:ALXB65939tY6HBg4sXJaoqZczuRuIpEWFu2blDleDRgE/Ewkg/uJ+f3N0hUY:ALk395hYXJ8yqRuIpEaTDl8gEcI/hyF
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  201132531919.exe
- Size
  
  100.2MB
- MD5
  
  f73aaab0b275bf26372ce81e72730b8f
- SHA1
  
  348d87d753298b9d931f41edcd8bf337feb04e2e
- SHA256
  
  18a18eb08a0a4dd85e4ad126e110687b0d70e04c60f7a14f088780aeaaf339a4
- SHA512
  
  9ac22eed0fa5d946086782e11be9ebe1cb26f85f68b989f82c5a445ba341d5078b8d6c1fa31349e7e89d67ecd4f94254ea0bcd969ae2c8336110faa2b427c95e
- SSDEEP
  
  3072:mI1WbJFtqTZ805ealC0WHACFOXvwtRST2kM3J5O3ttUtQhJrkm:p1+FtqMaMdACgv3T2Z3JI3ttzJQm
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

discoverypersistence

behavioral4

discoverypersistence