1c28f7f18e7a1289391f84a7cbad3adf4a482aa469f49fcb54afada036ebae68 | Triage

Sharing

General

Target

398d4ae185f22e5d07c0ce0bf73c9fdc_JaffaCakes118
Size

248KB
Sample

240711-r3pdcatbkc
MD5

398d4ae185f22e5d07c0ce0bf73c9fdc
SHA1

2a258dded4ce0a69554a90e64c6b49e530c87d20
SHA256

1c28f7f18e7a1289391f84a7cbad3adf4a482aa469f49fcb54afada036ebae68
SHA512

885a7643f9a2209df15307d71f7c9e4d03e97ad4756c353637fd86b6e5b20abd53e3e5933625640b4bfb4ce9a28349f0902253a84daedb0fc1a88fe1d5930f4d
SSDEEP

6144:knLRZByIFaE+yisPBwP5hvAlGJoeHiPrAqlxx2JHWPvZEzc6QH2fKM+i:k9ZB7FaE+yBBwP5hIZOHW3kQ6KM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  398d4ae185f22e5d07c0ce0bf73c9fdc_JaffaCakes118
- Size
  
  248KB
- MD5
  
  398d4ae185f22e5d07c0ce0bf73c9fdc
- SHA1
  
  2a258dded4ce0a69554a90e64c6b49e530c87d20
- SHA256
  
  1c28f7f18e7a1289391f84a7cbad3adf4a482aa469f49fcb54afada036ebae68
- SHA512
  
  885a7643f9a2209df15307d71f7c9e4d03e97ad4756c353637fd86b6e5b20abd53e3e5933625640b4bfb4ce9a28349f0902253a84daedb0fc1a88fe1d5930f4d
- SSDEEP
  
  6144:knLRZByIFaE+yisPBwP5hvAlGJoeHiPrAqlxx2JHWPvZEzc6QH2fKM+i:k9ZB7FaE+yBBwP5hIZOHW3kQ6KM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence