0033b2017d81bbb946218459807be43a442b548f6575566142d9efa5408bbcf5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2188c3a9b23fe94eafec1e11ad471818_JaffaCakes118
Size

152KB
Sample

240703-ja5wmawgrp
MD5

2188c3a9b23fe94eafec1e11ad471818
SHA1

5c9beb6c800831b0600ce804fb20aa9251de62c1
SHA256

0033b2017d81bbb946218459807be43a442b548f6575566142d9efa5408bbcf5
SHA512

85e39db9151bc3226166a6511974807bfd5675c62d0511515aa4e222c892511e7c3361571333c2032ec06c1637d776cecd894b3228c53c15e56e2cdf2e86c1a4
SSDEEP

3072:L3sOvl3Po5+tTjFqV+t3DRGCKBiAK0tE5j4oQ:DQ5+t8+NDR5A2d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2188c3a9b23fe94eafec1e11ad471818_JaffaCakes118
- Size
  
  152KB
- MD5
  
  2188c3a9b23fe94eafec1e11ad471818
- SHA1
  
  5c9beb6c800831b0600ce804fb20aa9251de62c1
- SHA256
  
  0033b2017d81bbb946218459807be43a442b548f6575566142d9efa5408bbcf5
- SHA512
  
  85e39db9151bc3226166a6511974807bfd5675c62d0511515aa4e222c892511e7c3361571333c2032ec06c1637d776cecd894b3228c53c15e56e2cdf2e86c1a4
- SSDEEP
  
  3072:L3sOvl3Po5+tTjFqV+t3DRGCKBiAK0tE5j4oQ:DQ5+t8+NDR5A2d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence