4ee0463a1369b97f29ba4a65d1dff0a4f804c551ad768fae916051b821dae9fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118
Size

435KB
Sample

240710-llgpaascpg
MD5

342dff26ac55db2567dec55dd0dce4a0
SHA1

9f8c3aff3faea1d785b4515e98f9e217f0375b58
SHA256

4ee0463a1369b97f29ba4a65d1dff0a4f804c551ad768fae916051b821dae9fb
SHA512

0dfd8723d5eced38f44cd8a88a7dc866c80b3f440f3c7d60ee1ca092f77bae12069e496e7776e023331802b02a9794898482ba4c676e75871516908b198bc54b
SSDEEP

12288:JLgI37qsC/rHyq6ADx09nJenVjP1/y9TTl5D7RIF5TQwRh6:Jb37qsC/jyq6c3mTl5Dmgw

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118
- Size
  
  435KB
- MD5
  
  342dff26ac55db2567dec55dd0dce4a0
- SHA1
  
  9f8c3aff3faea1d785b4515e98f9e217f0375b58
- SHA256
  
  4ee0463a1369b97f29ba4a65d1dff0a4f804c551ad768fae916051b821dae9fb
- SHA512
  
  0dfd8723d5eced38f44cd8a88a7dc866c80b3f440f3c7d60ee1ca092f77bae12069e496e7776e023331802b02a9794898482ba4c676e75871516908b198bc54b
- SSDEEP
  
  12288:JLgI37qsC/rHyq6ADx09nJenVjP1/y9TTl5D7RIF5TQwRh6:Jb37qsC/jyq6c3mTl5Dmgw
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence