301af0d2770fb5729145968cb77e544b98fc3497f2df4e6a95ed93aab564e98c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

164400b9e70f2b0d3b340a9be79f0c65_JaffaCakes118
Size

204KB
Sample

240627-rcxa9svbmf
MD5

164400b9e70f2b0d3b340a9be79f0c65
SHA1

2bcb92590bc34164acc2beae18917792ebbdbd91
SHA256

301af0d2770fb5729145968cb77e544b98fc3497f2df4e6a95ed93aab564e98c
SHA512

91b98dbd79afabb4073a75f0c8dbc15d9aa4cb2cc669b5918bd7a9a9091f93579bd5a209d5c3f4da6235a2c60d06558b2e3a2269e8ff3e501685e908f5be487b
SSDEEP

3072:6mLW8i0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWyD:1ad4QxL7B9W0c1RCzR/fSmlz

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  164400b9e70f2b0d3b340a9be79f0c65_JaffaCakes118
- Size
  
  204KB
- MD5
  
  164400b9e70f2b0d3b340a9be79f0c65
- SHA1
  
  2bcb92590bc34164acc2beae18917792ebbdbd91
- SHA256
  
  301af0d2770fb5729145968cb77e544b98fc3497f2df4e6a95ed93aab564e98c
- SHA512
  
  91b98dbd79afabb4073a75f0c8dbc15d9aa4cb2cc669b5918bd7a9a9091f93579bd5a209d5c3f4da6235a2c60d06558b2e3a2269e8ff3e501685e908f5be487b
- SSDEEP
  
  3072:6mLW8i0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWyD:1ad4QxL7B9W0c1RCzR/fSmlz
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence