01bc868bec39b35052e169434d31a0150ea6a3918185cfa45cb2aafc1039fc64 | Triage

Sharing

General

Target

2fabb0f92a38c8474b3f6476f4d6ee40_JaffaCakes118
Size

120KB
Sample

240709-kh9efsxfna
MD5

2fabb0f92a38c8474b3f6476f4d6ee40
SHA1

333bfa7229d08adf732958af7b4d887d108f94bd
SHA256

01bc868bec39b35052e169434d31a0150ea6a3918185cfa45cb2aafc1039fc64
SHA512

286acff215bd385f1fb1175fa464cdadafc90cf3948ce648054172faea591d1061d8244d313313f883cafda92860fa9c68827e5f3b92766c9683218c63a00897
SSDEEP

768:MiPW5NzTmcKXYXVLTpqZ1RJ28DaWGNMMMNM8F7//mkSKacEZxbjARZ05pG:TWjeccyNTcZ1Z7//mkOZxbURZ0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2fabb0f92a38c8474b3f6476f4d6ee40_JaffaCakes118
- Size
  
  120KB
- MD5
  
  2fabb0f92a38c8474b3f6476f4d6ee40
- SHA1
  
  333bfa7229d08adf732958af7b4d887d108f94bd
- SHA256
  
  01bc868bec39b35052e169434d31a0150ea6a3918185cfa45cb2aafc1039fc64
- SHA512
  
  286acff215bd385f1fb1175fa464cdadafc90cf3948ce648054172faea591d1061d8244d313313f883cafda92860fa9c68827e5f3b92766c9683218c63a00897
- SSDEEP
  
  768:MiPW5NzTmcKXYXVLTpqZ1RJ28DaWGNMMMNM8F7//mkSKacEZxbjARZ05pG:TWjeccyNTcZ1Z7//mkOZxbURZ0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence