afd3041705aa879161ddb1535f65f26bcbc72f412260171677de18d701519439 | Triage

Sharing

General

Target

01b7a1e0d46d37cdbc37c37f2c1f9774_JaffaCakes118
Size

272KB
Sample

240620-bw7y4swapr
MD5

01b7a1e0d46d37cdbc37c37f2c1f9774
SHA1

325debb69ebf44c67deda6332e11d22aebbb61b7
SHA256

afd3041705aa879161ddb1535f65f26bcbc72f412260171677de18d701519439
SHA512

e5ee3398fd0325674e70a70dd217cf536be188866531b219e74bfe93ef84639c4b9c5d18b4885ba0cbb5adf9183116ae44ed577e0d2eca5e69a89eb1fc553f23
SSDEEP

6144:P3abKlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CLxGLTuPL5

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  01b7a1e0d46d37cdbc37c37f2c1f9774_JaffaCakes118
- Size
  
  272KB
- MD5
  
  01b7a1e0d46d37cdbc37c37f2c1f9774
- SHA1
  
  325debb69ebf44c67deda6332e11d22aebbb61b7
- SHA256
  
  afd3041705aa879161ddb1535f65f26bcbc72f412260171677de18d701519439
- SHA512
  
  e5ee3398fd0325674e70a70dd217cf536be188866531b219e74bfe93ef84639c4b9c5d18b4885ba0cbb5adf9183116ae44ed577e0d2eca5e69a89eb1fc553f23
- SSDEEP
  
  6144:P3abKlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CLxGLTuPL5
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence