98a50b379d878ae0f9df4bf74e38f3aae7e28aaea8aa7a3476bb87f5ba369f7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4049c789dc765cef641fcb44e8e5a8fb_JaffaCakes118
Size

236KB
Sample

240713-flayvawhjj
MD5

4049c789dc765cef641fcb44e8e5a8fb
SHA1

531292c6162cf651e8e507df37ccde030ae99263
SHA256

98a50b379d878ae0f9df4bf74e38f3aae7e28aaea8aa7a3476bb87f5ba369f7c
SHA512

d8f0eccf833a7cee70e5f2979d96509a40194102ef63873adb4b2e2f98fce72311b698d3c65bfa26ea8ce3c5d287a3a168cc8b0ce970f6e9364f19f13858f95a
SSDEEP

6144:P5i0k3vnS/Gi+YdQEp9szHR8uBAoW0EOIp5JO:s0k3vnS/Gi+YdQEp9szHR8uBAo/Sg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4049c789dc765cef641fcb44e8e5a8fb_JaffaCakes118
- Size
  
  236KB
- MD5
  
  4049c789dc765cef641fcb44e8e5a8fb
- SHA1
  
  531292c6162cf651e8e507df37ccde030ae99263
- SHA256
  
  98a50b379d878ae0f9df4bf74e38f3aae7e28aaea8aa7a3476bb87f5ba369f7c
- SHA512
  
  d8f0eccf833a7cee70e5f2979d96509a40194102ef63873adb4b2e2f98fce72311b698d3c65bfa26ea8ce3c5d287a3a168cc8b0ce970f6e9364f19f13858f95a
- SSDEEP
  
  6144:P5i0k3vnS/Gi+YdQEp9szHR8uBAoW0EOIp5JO:s0k3vnS/Gi+YdQEp9szHR8uBAo/Sg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence