ea29603b7ac6b48c80e2df5747e44970f04c5e01d5f798562cfbbaa48eac1135 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37f9e800ec8306396321955afa83f47c_JaffaCakes118
Size

96KB
Sample

240711-gte37ssemn
MD5

37f9e800ec8306396321955afa83f47c
SHA1

2553a693ead21bbaff35cbb26b3290c1f84e549f
SHA256

ea29603b7ac6b48c80e2df5747e44970f04c5e01d5f798562cfbbaa48eac1135
SHA512

77f2b07e2a9725dc8c7110dae6e852c9f7a6a1e2819bf99538d2a9bc9bc57e662102de32a842c0e137fddb648519ec54fd78f0caccdbbfd5d8823acaefab8495
SSDEEP

1536:QQQBHmf6cO/hJkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZfJ:ethOlu8CFF/Cn1J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  37f9e800ec8306396321955afa83f47c_JaffaCakes118
- Size
  
  96KB
- MD5
  
  37f9e800ec8306396321955afa83f47c
- SHA1
  
  2553a693ead21bbaff35cbb26b3290c1f84e549f
- SHA256
  
  ea29603b7ac6b48c80e2df5747e44970f04c5e01d5f798562cfbbaa48eac1135
- SHA512
  
  77f2b07e2a9725dc8c7110dae6e852c9f7a6a1e2819bf99538d2a9bc9bc57e662102de32a842c0e137fddb648519ec54fd78f0caccdbbfd5d8823acaefab8495
- SSDEEP
  
  1536:QQQBHmf6cO/hJkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZfJ:ethOlu8CFF/Cn1J
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence