6293c4f2ab8ca9227546a489abadd1462242c1c075fb70b4c454c44f29e2ae83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e8dd1aa2da5e73597d19130b2e8e173_JaffaCakes118
Size

100KB
Sample

240625-sqlx5azhnq
MD5

0e8dd1aa2da5e73597d19130b2e8e173
SHA1

8db859865573664459c40f9e77d17dbb7dafe8bc
SHA256

6293c4f2ab8ca9227546a489abadd1462242c1c075fb70b4c454c44f29e2ae83
SHA512

212910e947aa7bdf43d2c357ff5e5185c0dc70b05e28bdc14b5cfc1f736ef676ece26691dc52f0cdf628da80673cb3ed1912d0734fdfbef99c723ad1d38b9e38
SSDEEP

1536:7jX8iAuismywscNELw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfpNIjnZrG:ncNE/KLOM5iCnZG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0e8dd1aa2da5e73597d19130b2e8e173_JaffaCakes118
- Size
  
  100KB
- MD5
  
  0e8dd1aa2da5e73597d19130b2e8e173
- SHA1
  
  8db859865573664459c40f9e77d17dbb7dafe8bc
- SHA256
  
  6293c4f2ab8ca9227546a489abadd1462242c1c075fb70b4c454c44f29e2ae83
- SHA512
  
  212910e947aa7bdf43d2c357ff5e5185c0dc70b05e28bdc14b5cfc1f736ef676ece26691dc52f0cdf628da80673cb3ed1912d0734fdfbef99c723ad1d38b9e38
- SSDEEP
  
  1536:7jX8iAuismywscNELw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfpNIjnZrG:ncNE/KLOM5iCnZG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence