98e5d236641978efcbe22f9135dc80ccb29a5eeacd8b9efbe4577258d80baf12 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

b5202c623f...18.exe

windows7-x64

7

b5202c623f...18.exe

windows10-2004-x64

7

Sharing

General

Target

b5202c623f41277dccbde8b2aad17d91_JaffaCakes118
Size

883KB
Sample

240616-zk2jysxcpb
MD5

b5202c623f41277dccbde8b2aad17d91
SHA1

0454b2618bdb477252e4173133052f207f06b45b
SHA256

98e5d236641978efcbe22f9135dc80ccb29a5eeacd8b9efbe4577258d80baf12
SHA512

28f497114e3a2a8c474232fad9d4a914d1d9515850fd337ac209a47839f1ee69d9dc3bdd0886230a51183814384db0464cefcf433bfb2f2ed48708734625a058
SSDEEP

12288:OQXYPcOvA2fwdZ/qK5Y0uCQjiL1BfeadnXYl5:O53vA21K5YY1LPBFXYl

Score

7^/10

agilenet persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5202c623f41277dccbde8b2aad17d91_JaffaCakes118.exe

Resource

win7-20240611-en

agilenet persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5202c623f41277dccbde8b2aad17d91_JaffaCakes118.exe

Resource

win10v2004-20240508-en

agilenet persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b5202c623f41277dccbde8b2aad17d91_JaffaCakes118
- Size
  
  883KB
- MD5
  
  b5202c623f41277dccbde8b2aad17d91
- SHA1
  
  0454b2618bdb477252e4173133052f207f06b45b
- SHA256
  
  98e5d236641978efcbe22f9135dc80ccb29a5eeacd8b9efbe4577258d80baf12
- SHA512
  
  28f497114e3a2a8c474232fad9d4a914d1d9515850fd337ac209a47839f1ee69d9dc3bdd0886230a51183814384db0464cefcf433bfb2f2ed48708734625a058
- SSDEEP
  
  12288:OQXYPcOvA2fwdZ/qK5Y0uCQjiL1BfeadnXYl5:O53vA21K5YY1LPBFXYl
Score

7^/10

agilenet persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetpersistence

behavioral2

agilenetpersistence

© 2018-2024

Terms | Privacy