9fc29028691a15c92519a834f9f4fe5acb56f95af75592bc7053f062b6395b38 | Triage

Sharing

General

Target

2b1fb1493d626882fd358f5fbb986164_JaffaCakes118
Size

184KB
Sample

240708-f2qz1awfkg
MD5

2b1fb1493d626882fd358f5fbb986164
SHA1

e5f52d8817ebb8cc5aaa4a76977aaa07c0b14820
SHA256

9fc29028691a15c92519a834f9f4fe5acb56f95af75592bc7053f062b6395b38
SHA512

4dbce10ce0510f7d101e08fc3749e34d4d14f59883b0cb052a69879f6082bf859e930234e70c5f3c70e93ab82ae145aa2a82b94e82edb2baef71f1cb5ee8b6a8
SSDEEP

3072:ZI54B8Sx9YUdtG716ennADVeMfcRAGKB+uMTEd1CTu:ZicZu1tnADVhERAGKB+uSEdl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2b1fb1493d626882fd358f5fbb986164_JaffaCakes118
- Size
  
  184KB
- MD5
  
  2b1fb1493d626882fd358f5fbb986164
- SHA1
  
  e5f52d8817ebb8cc5aaa4a76977aaa07c0b14820
- SHA256
  
  9fc29028691a15c92519a834f9f4fe5acb56f95af75592bc7053f062b6395b38
- SHA512
  
  4dbce10ce0510f7d101e08fc3749e34d4d14f59883b0cb052a69879f6082bf859e930234e70c5f3c70e93ab82ae145aa2a82b94e82edb2baef71f1cb5ee8b6a8
- SSDEEP
  
  3072:ZI54B8Sx9YUdtG716ennADVeMfcRAGKB+uMTEd1CTu:ZicZu1tnADVhERAGKB+uSEdl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence