b123571990f175819c665cbd1229793c8aa34edc2ccd124e2b7ca1e86c7ad5b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

226f2eacabc1cb03edbb25f3434aced8_JaffaCakes118
Size

124KB
Sample

240703-p3sdwswdpf
MD5

226f2eacabc1cb03edbb25f3434aced8
SHA1

0b282bc69528ab58e1e9708ad44f1fa37c7a3511
SHA256

b123571990f175819c665cbd1229793c8aa34edc2ccd124e2b7ca1e86c7ad5b9
SHA512

b823e2c5fd37be80dee1be12e0e8a979ab4121d7bf1f9ad4efaae915833e4c305353ab2a9b73bb28da626ea75a9f64904cd0e7d3ffaafcce6d93f2995e425abe
SSDEEP

3072:T95TL1ylTSpwpmzSfYlWBQxQobunKas3E/u:3L1ylWpwc4YlWBQxQMunKE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  226f2eacabc1cb03edbb25f3434aced8_JaffaCakes118
- Size
  
  124KB
- MD5
  
  226f2eacabc1cb03edbb25f3434aced8
- SHA1
  
  0b282bc69528ab58e1e9708ad44f1fa37c7a3511
- SHA256
  
  b123571990f175819c665cbd1229793c8aa34edc2ccd124e2b7ca1e86c7ad5b9
- SHA512
  
  b823e2c5fd37be80dee1be12e0e8a979ab4121d7bf1f9ad4efaae915833e4c305353ab2a9b73bb28da626ea75a9f64904cd0e7d3ffaafcce6d93f2995e425abe
- SSDEEP
  
  3072:T95TL1ylTSpwpmzSfYlWBQxQobunKas3E/u:3L1ylWpwc4YlWBQxQMunKE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence