6bf5a2e6b49d2365dcc19f1b044b33d5bf0773cd10ba3c8e4437cd157fb2dbc4 | Triage

Sharing

General

Target

4944ca99d98314c70db0cf570739bd31_JaffaCakes118
Size

96KB
Sample

240715-ltbs1atakf
MD5

4944ca99d98314c70db0cf570739bd31
SHA1

404cd3536557f2546a12fe131e44825268b9555e
SHA256

6bf5a2e6b49d2365dcc19f1b044b33d5bf0773cd10ba3c8e4437cd157fb2dbc4
SHA512

51c30225e30a3afd51376bc63f3fb5d74c53ba44670d218773197945a5c0e775a87fba20e16ca46c94dce17b3eaf27b9b9a63294c39b9439b6704f3264797fe0
SSDEEP

1536:TnhBH9f6cOahJ3hykGulSc16l6u+NMMl/KlYv1T4hThFzNIjP:rvhJRHlu88FFzCP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4944ca99d98314c70db0cf570739bd31_JaffaCakes118
- Size
  
  96KB
- MD5
  
  4944ca99d98314c70db0cf570739bd31
- SHA1
  
  404cd3536557f2546a12fe131e44825268b9555e
- SHA256
  
  6bf5a2e6b49d2365dcc19f1b044b33d5bf0773cd10ba3c8e4437cd157fb2dbc4
- SHA512
  
  51c30225e30a3afd51376bc63f3fb5d74c53ba44670d218773197945a5c0e775a87fba20e16ca46c94dce17b3eaf27b9b9a63294c39b9439b6704f3264797fe0
- SSDEEP
  
  1536:TnhBH9f6cOahJ3hykGulSc16l6u+NMMl/KlYv1T4hThFzNIjP:rvhJRHlu88FFzCP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence