c2820ffbd608aef02b649b256cac166c36a16c727ed33be38143b30a372ecbcf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c28ea151abbf5be3227740602220e66_JaffaCakes118
Size

240KB
Sample

240716-bbvhaaxfpl
MD5

4c28ea151abbf5be3227740602220e66
SHA1

3a4c3a7b2d3ce0f53232119fa731ffd854e8a5ef
SHA256

c2820ffbd608aef02b649b256cac166c36a16c727ed33be38143b30a372ecbcf
SHA512

9e67cd7c356e3727af56104bfa1604e6d67effb8ed5e256ab921ea30e96ce483789bdcb5950f871ba26fb9f63cab7186592639da4c2d5cf7a63927efed8b0ed1
SSDEEP

6144:iUa3dwqsNwemAB0EqxF6snji81RUinKchhy6SQ:ydQQJsV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c28ea151abbf5be3227740602220e66_JaffaCakes118
- Size
  
  240KB
- MD5
  
  4c28ea151abbf5be3227740602220e66
- SHA1
  
  3a4c3a7b2d3ce0f53232119fa731ffd854e8a5ef
- SHA256
  
  c2820ffbd608aef02b649b256cac166c36a16c727ed33be38143b30a372ecbcf
- SHA512
  
  9e67cd7c356e3727af56104bfa1604e6d67effb8ed5e256ab921ea30e96ce483789bdcb5950f871ba26fb9f63cab7186592639da4c2d5cf7a63927efed8b0ed1
- SSDEEP
  
  6144:iUa3dwqsNwemAB0EqxF6snji81RUinKchhy6SQ:ydQQJsV
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence