bf7421b7f24d8e3a132c2cee4fc74589faa368b673b434e52d1bd2d177ddef0b | Triage

Sharing

General

Target

282a36ececa3d7d6b2e7e04b2fd10c3b_JaffaCakes118
Size

232KB
Sample

240706-l6hr3sxhmd
MD5

282a36ececa3d7d6b2e7e04b2fd10c3b
SHA1

72769f7383ad4b0c008cd9d0b54c28476e79088c
SHA256

bf7421b7f24d8e3a132c2cee4fc74589faa368b673b434e52d1bd2d177ddef0b
SHA512

cefa3c3133a572ebf07ed2c0d168b93c06794af35fd6f71ddfa4e25eb751cce25b8d7e17cb98ce506a4b98ad32a513d571fc332d311cf1ea1ade727ecf84cf01
SSDEEP

6144:J3PFKs7dizxRJFBfWEqxF6snji81RUinK5qjbkxYubSj:FPhYTBXibkx9bO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  282a36ececa3d7d6b2e7e04b2fd10c3b_JaffaCakes118
- Size
  
  232KB
- MD5
  
  282a36ececa3d7d6b2e7e04b2fd10c3b
- SHA1
  
  72769f7383ad4b0c008cd9d0b54c28476e79088c
- SHA256
  
  bf7421b7f24d8e3a132c2cee4fc74589faa368b673b434e52d1bd2d177ddef0b
- SHA512
  
  cefa3c3133a572ebf07ed2c0d168b93c06794af35fd6f71ddfa4e25eb751cce25b8d7e17cb98ce506a4b98ad32a513d571fc332d311cf1ea1ade727ecf84cf01
- SSDEEP
  
  6144:J3PFKs7dizxRJFBfWEqxF6snji81RUinK5qjbkxYubSj:FPhYTBXibkx9bO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence