8fa0d3e963b995b599c2f17af04e75a533e0d8f0c6ddaf462adbed95ece46c2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b820db8bdb818d0ea0ab97b98ae754e_JaffaCakes118
Size

196KB
Sample

240708-jhw9fs1elf
MD5

2b820db8bdb818d0ea0ab97b98ae754e
SHA1

51f98b2aa510dd995f72bf101d6a563837f9a322
SHA256

8fa0d3e963b995b599c2f17af04e75a533e0d8f0c6ddaf462adbed95ece46c2f
SHA512

0796891b8994bb19d6eec48c6f5ccf4eb7d676721711f7863ac3d4d7dc1325c818c431ed2e2eb1f1417d5a4646318aa546caf9795bc3f3f2b62bb141b7548643
SSDEEP

3072:M1CVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:MQVnPybzV8Oio0ctLTt08doLRO8qeg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2b820db8bdb818d0ea0ab97b98ae754e_JaffaCakes118
- Size
  
  196KB
- MD5
  
  2b820db8bdb818d0ea0ab97b98ae754e
- SHA1
  
  51f98b2aa510dd995f72bf101d6a563837f9a322
- SHA256
  
  8fa0d3e963b995b599c2f17af04e75a533e0d8f0c6ddaf462adbed95ece46c2f
- SHA512
  
  0796891b8994bb19d6eec48c6f5ccf4eb7d676721711f7863ac3d4d7dc1325c818c431ed2e2eb1f1417d5a4646318aa546caf9795bc3f3f2b62bb141b7548643
- SSDEEP
  
  3072:M1CVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:MQVnPybzV8Oio0ctLTt08doLRO8qeg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence