55bf7497ddf0ea23a3914725896a5fcd4a2ab3b72283cadc726d830ffb54bd42 | Triage

Sharing

General

Target

f15e63b33e1b675467d1f5363b909250_JaffaCakes118
Size

184KB
Sample

240415-spzslabg9w
MD5

f15e63b33e1b675467d1f5363b909250
SHA1

8cf5f46dd028061d3f2a8516c48e9bca11f8043d
SHA256

55bf7497ddf0ea23a3914725896a5fcd4a2ab3b72283cadc726d830ffb54bd42
SHA512

f15164fcd145f02493ca7771888fc3c346867378720ebb73e8453782f4cc53f39912554479f1eb34a3808973b995cde193fe0a70da225e091bd7c4e9f4e1d095
SSDEEP

3072:m5q0M9CylSLuXbt/CA+Dfv216tasKCFwGSA:m5qV9C7MlCNH24AsKEwGf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f15e63b33e1b675467d1f5363b909250_JaffaCakes118
- Size
  
  184KB
- MD5
  
  f15e63b33e1b675467d1f5363b909250
- SHA1
  
  8cf5f46dd028061d3f2a8516c48e9bca11f8043d
- SHA256
  
  55bf7497ddf0ea23a3914725896a5fcd4a2ab3b72283cadc726d830ffb54bd42
- SHA512
  
  f15164fcd145f02493ca7771888fc3c346867378720ebb73e8453782f4cc53f39912554479f1eb34a3808973b995cde193fe0a70da225e091bd7c4e9f4e1d095
- SSDEEP
  
  3072:m5q0M9CylSLuXbt/CA+Dfv216tasKCFwGSA:m5qV9C7MlCNH24AsKEwGf
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence