30680e937a9974b468ab3d0aa9d11a4628052099a75edb4b931c2e529f6665b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

987eeda5f1fbb2370fef6b75a5fef6ae_JaffaCakes118
Size

453KB
Sample

240605-svmefsbe92
MD5

987eeda5f1fbb2370fef6b75a5fef6ae
SHA1

819f1be0c65d390946a4cd29bfa45f11d60196f0
SHA256

30680e937a9974b468ab3d0aa9d11a4628052099a75edb4b931c2e529f6665b0
SHA512

5c48deffe452c32ee2341990b9deb2898eff4b9812044de3bdf12e8d0c64845f50e9b7bf3f6eac4695ca8a73117e8d99093977c743e9644aafa618669309b61b
SSDEEP

12288:A8J0JzIzOtl5gGQxk/yxPeI5n3lHjJ3zv:tfzOxjQxk/gX

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  987eeda5f1fbb2370fef6b75a5fef6ae_JaffaCakes118
- Size
  
  453KB
- MD5
  
  987eeda5f1fbb2370fef6b75a5fef6ae
- SHA1
  
  819f1be0c65d390946a4cd29bfa45f11d60196f0
- SHA256
  
  30680e937a9974b468ab3d0aa9d11a4628052099a75edb4b931c2e529f6665b0
- SHA512
  
  5c48deffe452c32ee2341990b9deb2898eff4b9812044de3bdf12e8d0c64845f50e9b7bf3f6eac4695ca8a73117e8d99093977c743e9644aafa618669309b61b
- SSDEEP
  
  12288:A8J0JzIzOtl5gGQxk/yxPeI5n3lHjJ3zv:tfzOxjQxk/gX
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence