61f6028c5cda2586d9555de043aeaadc94ffbf50e985fafb6fac686aec36f344 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f263a01112566fede6925cf41d3ab69_JaffaCakes118
Size

280KB
Sample

240712-2j4c9swbmg
MD5

3f263a01112566fede6925cf41d3ab69
SHA1

0d6f3be6641c69934ba920a325c49373aff7ad8e
SHA256

61f6028c5cda2586d9555de043aeaadc94ffbf50e985fafb6fac686aec36f344
SHA512

7412813641d3620a1df9328dac7d80eb7aaa044b520737fe09893ba34c5736e2ea24b404dc82b11c4f9c4e26ab3e4c3988bffdb127b1c01a9c9808b441323d4a
SSDEEP

6144:SIYIpydVsZyxyK5R8GYKi1Xfvs1tzH51t+ewSReXNX/:WuydfiebOv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3f263a01112566fede6925cf41d3ab69_JaffaCakes118
- Size
  
  280KB
- MD5
  
  3f263a01112566fede6925cf41d3ab69
- SHA1
  
  0d6f3be6641c69934ba920a325c49373aff7ad8e
- SHA256
  
  61f6028c5cda2586d9555de043aeaadc94ffbf50e985fafb6fac686aec36f344
- SHA512
  
  7412813641d3620a1df9328dac7d80eb7aaa044b520737fe09893ba34c5736e2ea24b404dc82b11c4f9c4e26ab3e4c3988bffdb127b1c01a9c9808b441323d4a
- SSDEEP
  
  6144:SIYIpydVsZyxyK5R8GYKi1Xfvs1tzH51t+ewSReXNX/:WuydfiebOv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence