3f2603259895242c923e0c3bda7b727ae619c790787851f55011d173c3b2ee40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a705ea57bfd2915b5d0ce9a66804568_JaffaCakes118
Size

33KB
Sample

240708-bgr94svelj
MD5

2a705ea57bfd2915b5d0ce9a66804568
SHA1

bcf0f8fa8a5e0a5a8f74a11f181a6630ee5aafdd
SHA256

3f2603259895242c923e0c3bda7b727ae619c790787851f55011d173c3b2ee40
SHA512

498d42d3d7d1ab39f7851b490b777c2c5350d68cb3a941f9fc00b066c8e5c304508b9633cab0e25aa86c116d9134cb64ecf6a2cfb8909da0cf464c362b00a3c2
SSDEEP

768:i4XsbF9S/2ze4Lbq5kRC3n7m+pM73aMvzDc8F4:jm9o2yEbq9X7vWvk8W

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2a705ea57bfd2915b5d0ce9a66804568_JaffaCakes118
- Size
  
  33KB
- MD5
  
  2a705ea57bfd2915b5d0ce9a66804568
- SHA1
  
  bcf0f8fa8a5e0a5a8f74a11f181a6630ee5aafdd
- SHA256
  
  3f2603259895242c923e0c3bda7b727ae619c790787851f55011d173c3b2ee40
- SHA512
  
  498d42d3d7d1ab39f7851b490b777c2c5350d68cb3a941f9fc00b066c8e5c304508b9633cab0e25aa86c116d9134cb64ecf6a2cfb8909da0cf464c362b00a3c2
- SSDEEP
  
  768:i4XsbF9S/2ze4Lbq5kRC3n7m+pM73aMvzDc8F4:jm9o2yEbq9X7vWvk8W
Score

8^/10

evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence