4255d53fc78b013d6beccf92f6309b90169c9d09466ae88c70da534b8cd476fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ff177e8b460a14404eb7e385f27b795_JaffaCakes118
Size

220KB
Sample

240713-dln5csvhkg
MD5

3ff177e8b460a14404eb7e385f27b795
SHA1

6e66406e1c8a31ae60c6d4cf5d2813f5c1780693
SHA256

4255d53fc78b013d6beccf92f6309b90169c9d09466ae88c70da534b8cd476fd
SHA512

ba0d2f86fdc313785181a5d1f5209900a733c0cd2f2238f485001d5e36cb0f8d3ed7fdda110c8f44eadce1e343e8a7e08f622cdcd7ac5bff51d21d101b513e8d
SSDEEP

3072:FAR1SrTnkY8YUL4qx9RIHgil3UuhSa3U3dD8d6Oy+MIrnj3JjNv:Q1S/nkx15x9SHVeOjf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3ff177e8b460a14404eb7e385f27b795_JaffaCakes118
- Size
  
  220KB
- MD5
  
  3ff177e8b460a14404eb7e385f27b795
- SHA1
  
  6e66406e1c8a31ae60c6d4cf5d2813f5c1780693
- SHA256
  
  4255d53fc78b013d6beccf92f6309b90169c9d09466ae88c70da534b8cd476fd
- SHA512
  
  ba0d2f86fdc313785181a5d1f5209900a733c0cd2f2238f485001d5e36cb0f8d3ed7fdda110c8f44eadce1e343e8a7e08f622cdcd7ac5bff51d21d101b513e8d
- SSDEEP
  
  3072:FAR1SrTnkY8YUL4qx9RIHgil3UuhSa3U3dD8d6Oy+MIrnj3JjNv:Q1S/nkx15x9SHVeOjf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence