a530c32fb9a7056f33f434379f5d9e6287e38d853e4755fe6350dbe88353ea67 | Triage

Sharing

General

Target

0758ac59d414aacdf695219db42f30aa_JaffaCakes118
Size

731KB
Sample

240624-jyt42asclf
MD5

0758ac59d414aacdf695219db42f30aa
SHA1

878b20b64118cb5f3dd8ed1ca96000140a53da5d
SHA256

a530c32fb9a7056f33f434379f5d9e6287e38d853e4755fe6350dbe88353ea67
SHA512

c172ed58781071736be4e57f87923c1227bd5bea895db5aa190555815a6a00c2993631fc8e5def8994dd93ad3c440fb5f72dbff8aa911e4d0c3fcff24277d15f
SSDEEP

12288:Jaingtd/9iCpVEZxzraxdUdpmOFmjnDgGeIttwoPR5pWZhAIRXHYnrmg:JaigD/ArravUdsOwnlFttwYQRXHYrmg

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  0758ac59d414aacdf695219db42f30aa_JaffaCakes118
- Size
  
  731KB
- MD5
  
  0758ac59d414aacdf695219db42f30aa
- SHA1
  
  878b20b64118cb5f3dd8ed1ca96000140a53da5d
- SHA256
  
  a530c32fb9a7056f33f434379f5d9e6287e38d853e4755fe6350dbe88353ea67
- SHA512
  
  c172ed58781071736be4e57f87923c1227bd5bea895db5aa190555815a6a00c2993631fc8e5def8994dd93ad3c440fb5f72dbff8aa911e4d0c3fcff24277d15f
- SSDEEP
  
  12288:Jaingtd/9iCpVEZxzraxdUdpmOFmjnDgGeIttwoPR5pWZhAIRXHYnrmg:JaigD/ArravUdsOwnlFttwYQRXHYrmg
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation