4b17715bd10795e2341c0653cdcabe9a83116d038452252fe149411f81e5015e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c447877e6db28d3ab60b8ee9e84796f_JaffaCakes118
Size

252KB
Sample

240716-bze3ha1hme
MD5

4c447877e6db28d3ab60b8ee9e84796f
SHA1

574a5dab3a62d21017fdb90863128a1a40d75e52
SHA256

4b17715bd10795e2341c0653cdcabe9a83116d038452252fe149411f81e5015e
SHA512

6bb8be3e5faf52b12a469f7e27932cb325a2933952c12b6b39e1fa97db90be5c979a515588e38fc163b4e637e8e78afe813a0084d351f0c2ea3f915558fc3910
SSDEEP

6144:kE3sxRpLPGO/7YBNPVlVRgoEA9Qx2fKHEZXrUEQO+:AVjwPVlVRgoEA9Qx2fKHEZXrby

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c447877e6db28d3ab60b8ee9e84796f_JaffaCakes118
- Size
  
  252KB
- MD5
  
  4c447877e6db28d3ab60b8ee9e84796f
- SHA1
  
  574a5dab3a62d21017fdb90863128a1a40d75e52
- SHA256
  
  4b17715bd10795e2341c0653cdcabe9a83116d038452252fe149411f81e5015e
- SHA512
  
  6bb8be3e5faf52b12a469f7e27932cb325a2933952c12b6b39e1fa97db90be5c979a515588e38fc163b4e637e8e78afe813a0084d351f0c2ea3f915558fc3910
- SSDEEP
  
  6144:kE3sxRpLPGO/7YBNPVlVRgoEA9Qx2fKHEZXrUEQO+:AVjwPVlVRgoEA9Qx2fKHEZXrby
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence