1d4fca44ac6fb27d185eda84e3aee77378667696e85c42ff997df47c1b57b697 | Triage

Sharing

General

Target

2d127273a41f958ac516d75c5f886378_JaffaCakes118
Size

268KB
Sample

240708-t734eayblr
MD5

2d127273a41f958ac516d75c5f886378
SHA1

b6f5b267a072a2de32e6f4172e79dcbf08f1bdae
SHA256

1d4fca44ac6fb27d185eda84e3aee77378667696e85c42ff997df47c1b57b697
SHA512

009039e59461fe2ef580c668ec78c84366e70c48650deef9b71ec1070fc613a277d090939cb6bdc43078d74aeb0630a0e876d0f7678ee72da0138e352c7c882a
SSDEEP

6144:kl6PHPr5dFvW8HGzNz8I4vDWsQKcSnuXLH6M4hvB:I6PHVdFvW8Hu/4vDK/XLGhvB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2d127273a41f958ac516d75c5f886378_JaffaCakes118
- Size
  
  268KB
- MD5
  
  2d127273a41f958ac516d75c5f886378
- SHA1
  
  b6f5b267a072a2de32e6f4172e79dcbf08f1bdae
- SHA256
  
  1d4fca44ac6fb27d185eda84e3aee77378667696e85c42ff997df47c1b57b697
- SHA512
  
  009039e59461fe2ef580c668ec78c84366e70c48650deef9b71ec1070fc613a277d090939cb6bdc43078d74aeb0630a0e876d0f7678ee72da0138e352c7c882a
- SSDEEP
  
  6144:kl6PHPr5dFvW8HGzNz8I4vDWsQKcSnuXLH6M4hvB:I6PHVdFvW8Hu/4vDK/XLGhvB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence