ce9f2150a8d10298eb99ebb093ccbbac65cc43b019c1c5c5494384fd99a7a9bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47f5395ab23dda86d27528f3be63d666_JaffaCakes118
Size

561KB
Sample

240715-dnk6gsvgkn
MD5

47f5395ab23dda86d27528f3be63d666
SHA1

35646ff03776d0ff514841a9b056ee78078f289d
SHA256

ce9f2150a8d10298eb99ebb093ccbbac65cc43b019c1c5c5494384fd99a7a9bd
SHA512

c6b783ca66d45077cb7d2fe7ca0e14c27d155689185755f892b4e7980c2948cdf1e3348be1fa1c914b4f2417ffa9cca5a0e634d1b9f902126e19b1f02b34b514
SSDEEP

12288:VfokwsXDLrrFtjJ4w4QpdH9QBMMnMMMMM9yVDEyv0LdcU+pJriu8OaCX:RowXHrrz9OBMMnMMMMM8nUSJWu8iX

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  47f5395ab23dda86d27528f3be63d666_JaffaCakes118
- Size
  
  561KB
- MD5
  
  47f5395ab23dda86d27528f3be63d666
- SHA1
  
  35646ff03776d0ff514841a9b056ee78078f289d
- SHA256
  
  ce9f2150a8d10298eb99ebb093ccbbac65cc43b019c1c5c5494384fd99a7a9bd
- SHA512
  
  c6b783ca66d45077cb7d2fe7ca0e14c27d155689185755f892b4e7980c2948cdf1e3348be1fa1c914b4f2417ffa9cca5a0e634d1b9f902126e19b1f02b34b514
- SSDEEP
  
  12288:VfokwsXDLrrFtjJ4w4QpdH9QBMMnMMMMM9yVDEyv0LdcU+pJriu8OaCX:RowXHrrz9OBMMnMMMMM8nUSJWu8iX
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence