d30b8f84e00a4d98d840c6b6dbe16b64ff9f09c923844175afdc2eaae0ae3593 | Triage

Sharing

General

Target

2b90885c8564fecfef0601c263425b8d_JaffaCakes118
Size

228KB
Sample

240708-jtqk2szblq
MD5

2b90885c8564fecfef0601c263425b8d
SHA1

cd961948e44fd60c5bcae9efc06bf49a385d52de
SHA256

d30b8f84e00a4d98d840c6b6dbe16b64ff9f09c923844175afdc2eaae0ae3593
SHA512

42b11883d9f74c1519ac3cb9223535100608f9f2c6c97f598b6809a22ec2e81b4e79212dcc8c64e98fe6e5aa3c00abb1432d4da7128542abedd9dd459133ae85
SSDEEP

6144:xK9k3dwqsNy5ibpNjl4EqxF6snji81RUinKICT:E9edQxlT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2b90885c8564fecfef0601c263425b8d_JaffaCakes118
- Size
  
  228KB
- MD5
  
  2b90885c8564fecfef0601c263425b8d
- SHA1
  
  cd961948e44fd60c5bcae9efc06bf49a385d52de
- SHA256
  
  d30b8f84e00a4d98d840c6b6dbe16b64ff9f09c923844175afdc2eaae0ae3593
- SHA512
  
  42b11883d9f74c1519ac3cb9223535100608f9f2c6c97f598b6809a22ec2e81b4e79212dcc8c64e98fe6e5aa3c00abb1432d4da7128542abedd9dd459133ae85
- SSDEEP
  
  6144:xK9k3dwqsNy5ibpNjl4EqxF6snji81RUinKICT:E9edQxlT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence