2646adabff828013280074c82f898c8acc4248fcb62dea0733061cbdbd5a6c6c | Triage

Sharing

General

Target

2b0ee2364eae21ad26c9b2b94ca7e6d7_JaffaCakes118
Size

36KB
Sample

240708-fl2fsstbmk
MD5

2b0ee2364eae21ad26c9b2b94ca7e6d7
SHA1

1445fa3bcda7b651e8e4c047239d1d36fcd1e710
SHA256

2646adabff828013280074c82f898c8acc4248fcb62dea0733061cbdbd5a6c6c
SHA512

5a1d8576f3e8a311d1d7a32fd73aa6e434889927a2103f7f0a41e17148d9810199fa3fe961c1785102c744fee8521d4de51e77c2daec48b42befcd73c53661e8
SSDEEP

768:BfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:BedEcyXrC/GsnsGdW

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  2b0ee2364eae21ad26c9b2b94ca7e6d7_JaffaCakes118
- Size
  
  36KB
- MD5
  
  2b0ee2364eae21ad26c9b2b94ca7e6d7
- SHA1
  
  1445fa3bcda7b651e8e4c047239d1d36fcd1e710
- SHA256
  
  2646adabff828013280074c82f898c8acc4248fcb62dea0733061cbdbd5a6c6c
- SHA512
  
  5a1d8576f3e8a311d1d7a32fd73aa6e434889927a2103f7f0a41e17148d9810199fa3fe961c1785102c744fee8521d4de51e77c2daec48b42befcd73c53661e8
- SSDEEP
  
  768:BfZ2YidJN5kXcyXrCD1tDMByGqnxGm3+IdW:BedEcyXrC/GsnsGdW
Score

8^/10

persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation