daa756b47afacdcfcf939a297091d391f95e5bc7634eb65b34d2ddfda4f2024c | Triage

Sharing

General

Target

22717cc0b6402c4a345a6cf5c9584577_JaffaCakes118
Size

332KB
Sample

240703-p6jk6awfph
MD5

22717cc0b6402c4a345a6cf5c9584577
SHA1

833181edf6baddc67f1801b3bf382cfb9305cbac
SHA256

daa756b47afacdcfcf939a297091d391f95e5bc7634eb65b34d2ddfda4f2024c
SHA512

1526ac96803de32304e46bc7efe24e9f142d8b28bd36f85d98ad2f7f0ffce4dd852519bbceefebad70231e11dc06cc0f4b3b47a2ffc768c30122048deb7e754d
SSDEEP

6144:XTYpYGCleWHLNAnJHms8aBDR12SgqDxJd:XEdNnFV12VqD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  22717cc0b6402c4a345a6cf5c9584577_JaffaCakes118
- Size
  
  332KB
- MD5
  
  22717cc0b6402c4a345a6cf5c9584577
- SHA1
  
  833181edf6baddc67f1801b3bf382cfb9305cbac
- SHA256
  
  daa756b47afacdcfcf939a297091d391f95e5bc7634eb65b34d2ddfda4f2024c
- SHA512
  
  1526ac96803de32304e46bc7efe24e9f142d8b28bd36f85d98ad2f7f0ffce4dd852519bbceefebad70231e11dc06cc0f4b3b47a2ffc768c30122048deb7e754d
- SSDEEP
  
  6144:XTYpYGCleWHLNAnJHms8aBDR12SgqDxJd:XEdNnFV12VqD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence