73ccb2f55e1a7b06ed2662edc030085ee86c4e7d6a747761aa2318d495171b24 | Triage

Sharing

General

Target

0e0d4cddfd6a1f5c178c59cc42833872_JaffaCakes118
Size

100KB
Sample

240625-pjghaazama
MD5

0e0d4cddfd6a1f5c178c59cc42833872
SHA1

bf962e8824b9fd47d7545258a8e7febedff4f1a6
SHA256

73ccb2f55e1a7b06ed2662edc030085ee86c4e7d6a747761aa2318d495171b24
SHA512

aaf48a9f2de306fe5e2ad2d97e82e65022c3e69041d881e6977ae2263a866fae5bbcbba8abdf7edf7d09bab88ddb6528a0a7bc4eaf05e77c918db62f2f231282
SSDEEP

1536:xVt0M82NTdwXRLGZcYADZPU1+73BD88b0nyyNIjP:LwXwgZPUQJyCP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0e0d4cddfd6a1f5c178c59cc42833872_JaffaCakes118
- Size
  
  100KB
- MD5
  
  0e0d4cddfd6a1f5c178c59cc42833872
- SHA1
  
  bf962e8824b9fd47d7545258a8e7febedff4f1a6
- SHA256
  
  73ccb2f55e1a7b06ed2662edc030085ee86c4e7d6a747761aa2318d495171b24
- SHA512
  
  aaf48a9f2de306fe5e2ad2d97e82e65022c3e69041d881e6977ae2263a866fae5bbcbba8abdf7edf7d09bab88ddb6528a0a7bc4eaf05e77c918db62f2f231282
- SSDEEP
  
  1536:xVt0M82NTdwXRLGZcYADZPU1+73BD88b0nyyNIjP:LwXwgZPUQJyCP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence