4819d66970b43c4430b231bcda4da0c4b6efc8c99e019708f7135d126efb60d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

241ee2a430b89b094e9dc048c90f36e1_JaffaCakes118
Size

222KB
Sample

240704-bjw13swdqm
MD5

241ee2a430b89b094e9dc048c90f36e1
SHA1

6e1bcd5c2d63db67cb025775bd976a144bdee5bb
SHA256

4819d66970b43c4430b231bcda4da0c4b6efc8c99e019708f7135d126efb60d5
SHA512

c723c416cffb362752de06f6beb5ee90632b2f3162312148bf730b315951b64b63d5bcd98f1450fb707e442736c46cbe3e548b41d303a75ea1652f567637a664
SSDEEP

3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DER4eQStkM+aF2CIBE9TtZcB3:gDCwfG1bnxLERRL+W0ap+t

Score

10^/10

defense_evasion evasion persistence

Malware Config

Targets

- Target
  
  241ee2a430b89b094e9dc048c90f36e1_JaffaCakes118
- Size
  
  222KB
- MD5
  
  241ee2a430b89b094e9dc048c90f36e1
- SHA1
  
  6e1bcd5c2d63db67cb025775bd976a144bdee5bb
- SHA256
  
  4819d66970b43c4430b231bcda4da0c4b6efc8c99e019708f7135d126efb60d5
- SHA512
  
  c723c416cffb362752de06f6beb5ee90632b2f3162312148bf730b315951b64b63d5bcd98f1450fb707e442736c46cbe3e548b41d303a75ea1652f567637a664
- SSDEEP
  
  3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DER4eQStkM+aF2CIBE9TtZcB3:gDCwfG1bnxLERRL+W0ap+t
Score

10^/10

defense_evasion evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionevasionpersistence

behavioral2

defense_evasionevasionpersistence