073ca89d6d23947f4fec7a8261bea55669f1e08ffa22526a58ad7c3e080d2e92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

212f2a5cc5f6748fdc8d0f1a8807c05e_JaffaCakes118
Size

228KB
Sample

240703-fxp7xaygnf
MD5

212f2a5cc5f6748fdc8d0f1a8807c05e
SHA1

25e10646497540d4629a87e4ef5077bff0b1dab9
SHA256

073ca89d6d23947f4fec7a8261bea55669f1e08ffa22526a58ad7c3e080d2e92
SHA512

70ee7d327cbe758ca921102532ff3a53819dfd214c2fd9120a73f804959fd30a3b3d4ba21adf8c5d99331368befdcbc57f999899a6a39ead4dcc8e3bde5a8f56
SSDEEP

6144:4KvBA3dwqsNy5ibpNjl4EqxF6snji81RUinKICm9:tv4dQxlM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  212f2a5cc5f6748fdc8d0f1a8807c05e_JaffaCakes118
- Size
  
  228KB
- MD5
  
  212f2a5cc5f6748fdc8d0f1a8807c05e
- SHA1
  
  25e10646497540d4629a87e4ef5077bff0b1dab9
- SHA256
  
  073ca89d6d23947f4fec7a8261bea55669f1e08ffa22526a58ad7c3e080d2e92
- SHA512
  
  70ee7d327cbe758ca921102532ff3a53819dfd214c2fd9120a73f804959fd30a3b3d4ba21adf8c5d99331368befdcbc57f999899a6a39ead4dcc8e3bde5a8f56
- SSDEEP
  
  6144:4KvBA3dwqsNy5ibpNjl4EqxF6snji81RUinKICm9:tv4dQxlM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence