0a9b07d8d0c09d5fd97521d766898f862764c1313c0715aab040c3f1e5462b1b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7b4e455796f02d74aef030e85c8aaa_JaffaCakes118
Size

124KB
Sample

240625-zmxc1svekn
MD5

0f7b4e455796f02d74aef030e85c8aaa
SHA1

9dc013d0718213e3d9ea3b61d827856786c26cbb
SHA256

0a9b07d8d0c09d5fd97521d766898f862764c1313c0715aab040c3f1e5462b1b
SHA512

33e5649042e8fdad6bf9c0ad60310e18e213a410a1cfc0cb8eaca23144de15e28d9568e4862c992a8a0f4a75db8d7af254863dffce1454b9b49652bffc90129c
SSDEEP

1536:QGEthwRUuBxeDtMYHa27J14ltxporZ45i8NeG0h/E:/EthwRUkeV6gJ1uCt45OM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0f7b4e455796f02d74aef030e85c8aaa_JaffaCakes118
- Size
  
  124KB
- MD5
  
  0f7b4e455796f02d74aef030e85c8aaa
- SHA1
  
  9dc013d0718213e3d9ea3b61d827856786c26cbb
- SHA256
  
  0a9b07d8d0c09d5fd97521d766898f862764c1313c0715aab040c3f1e5462b1b
- SHA512
  
  33e5649042e8fdad6bf9c0ad60310e18e213a410a1cfc0cb8eaca23144de15e28d9568e4862c992a8a0f4a75db8d7af254863dffce1454b9b49652bffc90129c
- SSDEEP
  
  1536:QGEthwRUuBxeDtMYHa27J14ltxporZ45i8NeG0h/E:/EthwRUkeV6gJ1uCt45OM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence