025323e8788ac16eed75028cfac47b77b699375b0ed8c5ae8f97bd950d37c778 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f799c98569b02abb9a3144eaf71c886_JaffaCakes118
Size

728KB
Sample

240713-anwqfazdmd
MD5

3f799c98569b02abb9a3144eaf71c886
SHA1

293b18e910e3c89477354e5a41257e797495a9ce
SHA256

025323e8788ac16eed75028cfac47b77b699375b0ed8c5ae8f97bd950d37c778
SHA512

f4397096d1d35ec79d41fa53f6238c1bfdea5dd75c636bccb0bb69e965e862ece4f8275f620fa0dbdbb880fbd3bf2ec219c60900ed96e54a83e8b9b24dbb600c
SSDEEP

12288:lEcF8D2K53tGcAOYYsLN2Z8bbX//meGDgGeItoEc9GspWZhASRXHYnrm6:lEc8H5fMLN2Kb7/rGlFtov9GsqRXHYrN

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  3f799c98569b02abb9a3144eaf71c886_JaffaCakes118
- Size
  
  728KB
- MD5
  
  3f799c98569b02abb9a3144eaf71c886
- SHA1
  
  293b18e910e3c89477354e5a41257e797495a9ce
- SHA256
  
  025323e8788ac16eed75028cfac47b77b699375b0ed8c5ae8f97bd950d37c778
- SHA512
  
  f4397096d1d35ec79d41fa53f6238c1bfdea5dd75c636bccb0bb69e965e862ece4f8275f620fa0dbdbb880fbd3bf2ec219c60900ed96e54a83e8b9b24dbb600c
- SSDEEP
  
  12288:lEcF8D2K53tGcAOYYsLN2Z8bbX//meGDgGeItoEc9GspWZhASRXHYnrm6:lEc8H5fMLN2Kb7/rGlFtov9GsqRXHYrN
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation