e055f64afbcd936da8daf71f2ccba8439c1a288c6a0b799974bd2a1a55da6ba0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1887e6bdeb7adfe1841f4f1c11dad975_JaffaCakes118
Size

100KB
Sample

240628-dd46lszfmj
MD5

1887e6bdeb7adfe1841f4f1c11dad975
SHA1

17ca99330bce87dc43f94c01f1b64db48c9ac391
SHA256

e055f64afbcd936da8daf71f2ccba8439c1a288c6a0b799974bd2a1a55da6ba0
SHA512

8c08154e5a7556693341b91306c0c9236cca72e26c818ab4351cf7419a79c74a34bdef9496db1df2b9f71662bfb568a47d998f2c62fd480e4b996439c3a7b98e
SSDEEP

1536:bMWtcX220mQdFxJKIRGWcOUP7vXArnY1ZqAefzyesVNIj/:whQdANAfzyeOC/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1887e6bdeb7adfe1841f4f1c11dad975_JaffaCakes118
- Size
  
  100KB
- MD5
  
  1887e6bdeb7adfe1841f4f1c11dad975
- SHA1
  
  17ca99330bce87dc43f94c01f1b64db48c9ac391
- SHA256
  
  e055f64afbcd936da8daf71f2ccba8439c1a288c6a0b799974bd2a1a55da6ba0
- SHA512
  
  8c08154e5a7556693341b91306c0c9236cca72e26c818ab4351cf7419a79c74a34bdef9496db1df2b9f71662bfb568a47d998f2c62fd480e4b996439c3a7b98e
- SSDEEP
  
  1536:bMWtcX220mQdFxJKIRGWcOUP7vXArnY1ZqAefzyesVNIj/:whQdANAfzyeOC/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence