aefe0925ca189f684f10e041085e8cbfd7f0d46816290cd3267ca430e7c99740 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15c06c6b3968b6103d549dce8770e51a_JaffaCakes118
Size

152KB
Sample

240627-m4hvqszhjl
MD5

15c06c6b3968b6103d549dce8770e51a
SHA1

11b6d132aa5fcd0a20247b7fa0f234152b84deb5
SHA256

aefe0925ca189f684f10e041085e8cbfd7f0d46816290cd3267ca430e7c99740
SHA512

2c9350830ef8e62ff2f4e8972d9fe1a4080643001087b62ffe8c5198df8959b53ae182a31d5edf1cda9a2bb010a7cd4fdf14a0d98c7e156042c0fdb3760013a8
SSDEEP

3072:fDbXFv76nbvsMcZ3eawlI88rnXD2olnb4oQZiERMPS:7Bv76nbvsh1eI8onBVWzt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  15c06c6b3968b6103d549dce8770e51a_JaffaCakes118
- Size
  
  152KB
- MD5
  
  15c06c6b3968b6103d549dce8770e51a
- SHA1
  
  11b6d132aa5fcd0a20247b7fa0f234152b84deb5
- SHA256
  
  aefe0925ca189f684f10e041085e8cbfd7f0d46816290cd3267ca430e7c99740
- SHA512
  
  2c9350830ef8e62ff2f4e8972d9fe1a4080643001087b62ffe8c5198df8959b53ae182a31d5edf1cda9a2bb010a7cd4fdf14a0d98c7e156042c0fdb3760013a8
- SSDEEP
  
  3072:fDbXFv76nbvsMcZ3eawlI88rnXD2olnb4oQZiERMPS:7Bv76nbvsh1eI8onBVWzt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence