c5573ce54201bdc1a081c7c7b4b9878a37b7575ad2fb9740c073a8e823f0e818 | Triage

Sharing

General

Target

0118bbce996de4672dc46a18e07b9b2e_JaffaCakes118
Size

100KB
Sample

240619-28yt3s1bkp
MD5

0118bbce996de4672dc46a18e07b9b2e
SHA1

8159b4812cf8c81db2a21707049e4bacb7ce001c
SHA256

c5573ce54201bdc1a081c7c7b4b9878a37b7575ad2fb9740c073a8e823f0e818
SHA512

e896b59ce2c2590302c077b64d07ad0cffdb5c6b713bd0b5193c52ca5ed494f1b4ac099b34d5a3f010435f99c7989b721ddaaa8073c0084e987e6d0137caf159
SSDEEP

1536:tkt0e82NTdwULGZcYADZPU1+73BD88b0nydNIjN:swTgZPUQJdCN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0118bbce996de4672dc46a18e07b9b2e_JaffaCakes118
- Size
  
  100KB
- MD5
  
  0118bbce996de4672dc46a18e07b9b2e
- SHA1
  
  8159b4812cf8c81db2a21707049e4bacb7ce001c
- SHA256
  
  c5573ce54201bdc1a081c7c7b4b9878a37b7575ad2fb9740c073a8e823f0e818
- SHA512
  
  e896b59ce2c2590302c077b64d07ad0cffdb5c6b713bd0b5193c52ca5ed494f1b4ac099b34d5a3f010435f99c7989b721ddaaa8073c0084e987e6d0137caf159
- SSDEEP
  
  1536:tkt0e82NTdwULGZcYADZPU1+73BD88b0nydNIjN:swTgZPUQJdCN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence