dd9fade265efffc3c3f0ce5251747dc6ce8d78ca8048b4b1cde1a77c3eb80950 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24cecf480f6ab6798a63524148e19224_JaffaCakes118
Size

44KB
Sample

240704-gasvysxank
MD5

24cecf480f6ab6798a63524148e19224
SHA1

c9214f7e7bcbf647f46b4b06d06e685cd70467b9
SHA256

dd9fade265efffc3c3f0ce5251747dc6ce8d78ca8048b4b1cde1a77c3eb80950
SHA512

43763f966b2eb983d6a688df866b24189d8a50fcb172e2750e6e30859c7be640edfcfb176c1c609d2734f585ace3d53f50083d835a4975a449421527ab799877
SSDEEP

768:f7/HdW9eBBXe04H7cHPHYmug6UXQm1dIZE2ocOT77e:f9OHyj6S3T77

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  24cecf480f6ab6798a63524148e19224_JaffaCakes118
- Size
  
  44KB
- MD5
  
  24cecf480f6ab6798a63524148e19224
- SHA1
  
  c9214f7e7bcbf647f46b4b06d06e685cd70467b9
- SHA256
  
  dd9fade265efffc3c3f0ce5251747dc6ce8d78ca8048b4b1cde1a77c3eb80950
- SHA512
  
  43763f966b2eb983d6a688df866b24189d8a50fcb172e2750e6e30859c7be640edfcfb176c1c609d2734f585ace3d53f50083d835a4975a449421527ab799877
- SSDEEP
  
  768:f7/HdW9eBBXe04H7cHPHYmug6UXQm1dIZE2ocOT77e:f9OHyj6S3T77
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence