67cbea7ca4d4c39016cdb9e5b8f55ca75f6fce2c027e399f69600efb6e54d3c4 | Triage

Sharing

General

Target

49484dbde693a2ef69d270923cdc0f83_JaffaCakes118
Size

786KB
Sample

240715-lwrx1azhll
MD5

49484dbde693a2ef69d270923cdc0f83
SHA1

8bb1536ef515022218714d1ab3e7509fbfb74ff6
SHA256

67cbea7ca4d4c39016cdb9e5b8f55ca75f6fce2c027e399f69600efb6e54d3c4
SHA512

d396de2ca0b50039af5873bbc9e9e6e60bd17705b7d14b81d51b59d1d2d5cbbb03d00b4d2a9998d1f397d764fbe36395754c904cf9de361ef3062e8645eb2086
SSDEEP

24576:iRtsgpA45w9Af0/5JAZfdpDY0rqRXHYrmH:uvgP0rYHYo

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  49484dbde693a2ef69d270923cdc0f83_JaffaCakes118
- Size
  
  786KB
- MD5
  
  49484dbde693a2ef69d270923cdc0f83
- SHA1
  
  8bb1536ef515022218714d1ab3e7509fbfb74ff6
- SHA256
  
  67cbea7ca4d4c39016cdb9e5b8f55ca75f6fce2c027e399f69600efb6e54d3c4
- SHA512
  
  d396de2ca0b50039af5873bbc9e9e6e60bd17705b7d14b81d51b59d1d2d5cbbb03d00b4d2a9998d1f397d764fbe36395754c904cf9de361ef3062e8645eb2086
- SSDEEP
  
  24576:iRtsgpA45w9Af0/5JAZfdpDY0rqRXHYrmH:uvgP0rYHYo
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation