129510c27f5c0794c5252aee41a15fbcedad93b5e3253f7886a6149ff9c2a43a | Triage

Sharing

General

Target

38c618fd1ea4d1a53210b4f99a26c2d2_JaffaCakes118
Size

304KB
Sample

240711-mpymmsvgle
MD5

38c618fd1ea4d1a53210b4f99a26c2d2
SHA1

2b2950c7a87122fd1bf3c14c559f7de89a26829d
SHA256

129510c27f5c0794c5252aee41a15fbcedad93b5e3253f7886a6149ff9c2a43a
SHA512

0b0ac54c0da21717efa2c55e77b23d549e9982f349af01ef4d73fa27992ff6667911c0c737c5de0575d9eeb17107de31049ce14e057b7ec16f13df719d73d33d
SSDEEP

3072:1PGOaEaAaTG0kZSmA2e8xqc+TLMop2aEaLFra+7pvPSvzYj:24AR0ALylaRSg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  38c618fd1ea4d1a53210b4f99a26c2d2_JaffaCakes118
- Size
  
  304KB
- MD5
  
  38c618fd1ea4d1a53210b4f99a26c2d2
- SHA1
  
  2b2950c7a87122fd1bf3c14c559f7de89a26829d
- SHA256
  
  129510c27f5c0794c5252aee41a15fbcedad93b5e3253f7886a6149ff9c2a43a
- SHA512
  
  0b0ac54c0da21717efa2c55e77b23d549e9982f349af01ef4d73fa27992ff6667911c0c737c5de0575d9eeb17107de31049ce14e057b7ec16f13df719d73d33d
- SSDEEP
  
  3072:1PGOaEaAaTG0kZSmA2e8xqc+TLMop2aEaLFra+7pvPSvzYj:24AR0ALylaRSg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence