50480142a432b6c1770e4a026ae416d784acfe8e449ed336aba1f6a2bbfcced5 | Triage

Sharing

General

Target

fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118
Size

252KB
Sample

240419-r5vyxafa42
MD5

fa87fd28fc92dd89efc9bf0215aa6ebb
SHA1

485ea45c96d00d36634c7eabf7a0f41871357d02
SHA256

50480142a432b6c1770e4a026ae416d784acfe8e449ed336aba1f6a2bbfcced5
SHA512

d73fe547cbbd9d6a8b58ceadb9bc269c277e9b36235ba1a5aa5c9c8e6e7e19da640638ede899699fdda79ec1cb7012f83d99581f67923b96e96f215c2307d208
SSDEEP

3072:gY7jaHLUCX34dmgJYsozBm2tfyXu1h5CeriHACqH/1ptrMAoSeLv5YXm:gAqUCXIdm/NBm2tuMpBeS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118
- Size
  
  252KB
- MD5
  
  fa87fd28fc92dd89efc9bf0215aa6ebb
- SHA1
  
  485ea45c96d00d36634c7eabf7a0f41871357d02
- SHA256
  
  50480142a432b6c1770e4a026ae416d784acfe8e449ed336aba1f6a2bbfcced5
- SHA512
  
  d73fe547cbbd9d6a8b58ceadb9bc269c277e9b36235ba1a5aa5c9c8e6e7e19da640638ede899699fdda79ec1cb7012f83d99581f67923b96e96f215c2307d208
- SSDEEP
  
  3072:gY7jaHLUCX34dmgJYsozBm2tfyXu1h5CeriHACqH/1ptrMAoSeLv5YXm:gAqUCXIdm/NBm2tuMpBeS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence