e0885c94e24bc683e18b6b04a07fb042efbe263170541a5d90cf8f20fe5e832e | Triage

Sharing

General

Target

27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118
Size

488KB
Sample

240706-ky6nhatbnm
MD5

27fcf6f507fda2e72dd54fc627f79e37
SHA1

8234af82ded7979b843bc3ac2abd5b8c36fa5bac
SHA256

e0885c94e24bc683e18b6b04a07fb042efbe263170541a5d90cf8f20fe5e832e
SHA512

f25d801ed236dc3d3879af667b7a3058d8baee0a45bac2ba0aad6c80bbc7e3359a63a860cf1ce19547f93cfc751a772c2b4574e0e54f7f924e63b21d52b6b1a4
SSDEEP

12288:W9tTbLysKNy0j/+F5wvuztiBdp2sYY2jMMnMMMMM1f:W9RbLyry0jGcdTYhMMnMMMMMR

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  27fcf6f507fda2e72dd54fc627f79e37_JaffaCakes118
- Size
  
  488KB
- MD5
  
  27fcf6f507fda2e72dd54fc627f79e37
- SHA1
  
  8234af82ded7979b843bc3ac2abd5b8c36fa5bac
- SHA256
  
  e0885c94e24bc683e18b6b04a07fb042efbe263170541a5d90cf8f20fe5e832e
- SHA512
  
  f25d801ed236dc3d3879af667b7a3058d8baee0a45bac2ba0aad6c80bbc7e3359a63a860cf1ce19547f93cfc751a772c2b4574e0e54f7f924e63b21d52b6b1a4
- SSDEEP
  
  12288:W9tTbLysKNy0j/+F5wvuztiBdp2sYY2jMMnMMMMM1f:W9RbLyry0jGcdTYhMMnMMMMMR
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence