c25981057bcdc92b97c0c5aed6222357a27ace44db44a0f22db67dc76041103d | Triage

Sharing

General

Target

f38ec47b0c3108bdf5d5627ea4f399b3_JaffaCakes118
Size

232KB
Sample

240416-qc1s1sce2y
MD5

f38ec47b0c3108bdf5d5627ea4f399b3
SHA1

c2387aa47eb97776f3f9bbbac91dae93d19ef71d
SHA256

c25981057bcdc92b97c0c5aed6222357a27ace44db44a0f22db67dc76041103d
SHA512

13bd409b766a9b36348e0631ce0e76d658514146a6b022f40ae80b82b707dd0543d6f213a565a6465c2ba5ae06729b2138497d2e0c8c9d3e8cfdf0d5c6743e6f
SSDEEP

1536:GPzkhyGomoDo0omoEo4A5AVzotokoXoOoioVo2oEogoFoPoeoWooo7oxozoZoMoJ:MtJA5AVap/S

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f38ec47b0c3108bdf5d5627ea4f399b3_JaffaCakes118
- Size
  
  232KB
- MD5
  
  f38ec47b0c3108bdf5d5627ea4f399b3
- SHA1
  
  c2387aa47eb97776f3f9bbbac91dae93d19ef71d
- SHA256
  
  c25981057bcdc92b97c0c5aed6222357a27ace44db44a0f22db67dc76041103d
- SHA512
  
  13bd409b766a9b36348e0631ce0e76d658514146a6b022f40ae80b82b707dd0543d6f213a565a6465c2ba5ae06729b2138497d2e0c8c9d3e8cfdf0d5c6743e6f
- SSDEEP
  
  1536:GPzkhyGomoDo0omoEo4A5AVzotokoXoOoioVo2oEogoFoPoeoWooo7oxozoZoMoJ:MtJA5AVap/S
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence