d21c97d91cfb8e7dc41f2bd1d3b8f06b0bdb27b8bb8cd9ac25a888e2e0cd95ff | Triage

Sharing

General

Target

3609dd9bead078abedec9032528489b5_JaffaCakes118
Size

252KB
Sample

240710-xyq92axfrg
MD5

3609dd9bead078abedec9032528489b5
SHA1

212ff9df8b4152de1a0f1926712c01fd37891a11
SHA256

d21c97d91cfb8e7dc41f2bd1d3b8f06b0bdb27b8bb8cd9ac25a888e2e0cd95ff
SHA512

16f0a17a9b46df2f364780446b999eb6ac3e79bf0740a2d9f429d06a45d524a0ff5ed56e2314bd0743c4b760ddd7f46837277fb7b0f123985cff850a00df0cd4
SSDEEP

3072:hl0qlgYg9bVtgfzFHfzb51QRPr8GDilkk:hlHg59joFJyr8GuS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3609dd9bead078abedec9032528489b5_JaffaCakes118
- Size
  
  252KB
- MD5
  
  3609dd9bead078abedec9032528489b5
- SHA1
  
  212ff9df8b4152de1a0f1926712c01fd37891a11
- SHA256
  
  d21c97d91cfb8e7dc41f2bd1d3b8f06b0bdb27b8bb8cd9ac25a888e2e0cd95ff
- SHA512
  
  16f0a17a9b46df2f364780446b999eb6ac3e79bf0740a2d9f429d06a45d524a0ff5ed56e2314bd0743c4b760ddd7f46837277fb7b0f123985cff850a00df0cd4
- SSDEEP
  
  3072:hl0qlgYg9bVtgfzFHfzb51QRPr8GDilkk:hlHg59joFJyr8GuS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence