482960618566c30ebac983171319188059c7a0727316b9422baaa7a658ba953d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e822dd2bc198be6c9fac9dc844db7204_JaffaCakes118
Size

156KB
Sample

240408-w71dmagc49
MD5

e822dd2bc198be6c9fac9dc844db7204
SHA1

82a744cff38a2cb91d17d5e301aafec8bf1d83b2
SHA256

482960618566c30ebac983171319188059c7a0727316b9422baaa7a658ba953d
SHA512

af043f52dc920ec84e6ee492f81b3d216d14e344145bf564de6aecf8628ef470cb2066c6f74e57be54404e8f040b8c3d84e4c57c1753f818f03a2ef961167b97
SSDEEP

3072:MBd1FE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANK/E5j4oQ/j:OdXE2R7Qvb4tQTaCeFP4Abdsj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e822dd2bc198be6c9fac9dc844db7204_JaffaCakes118
- Size
  
  156KB
- MD5
  
  e822dd2bc198be6c9fac9dc844db7204
- SHA1
  
  82a744cff38a2cb91d17d5e301aafec8bf1d83b2
- SHA256
  
  482960618566c30ebac983171319188059c7a0727316b9422baaa7a658ba953d
- SHA512
  
  af043f52dc920ec84e6ee492f81b3d216d14e344145bf564de6aecf8628ef470cb2066c6f74e57be54404e8f040b8c3d84e4c57c1753f818f03a2ef961167b97
- SSDEEP
  
  3072:MBd1FE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANK/E5j4oQ/j:OdXE2R7Qvb4tQTaCeFP4Abdsj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence