36b883e255d3682a5a4b5bf1f936a26871329085c8ac846d6362d70c58a0ce21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118
Size

228KB
Sample

240716-jvj5nasclk
MD5

4d7015aa8f495f7023eb7d12a677cff5
SHA1

a9f41214c0b1c3a86c355832b63be433b36c0a96
SHA256

36b883e255d3682a5a4b5bf1f936a26871329085c8ac846d6362d70c58a0ce21
SHA512

692a15188445f5b3c6330f2ac50a1bc1fafddf4b10ec33e2df2be67f79bd604f8e72b1226d32cb03561773d78fa91157a91673c8c806911b8ffe3605c29b010b
SSDEEP

6144:OuaJEFDFY0ph7n2/2Z5ie1O34lyzOWJz/zImABhU:OuaJEBO2lDZ5z1+zOWJzks

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4d7015aa8f495f7023eb7d12a677cff5_JaffaCakes118
- Size
  
  228KB
- MD5
  
  4d7015aa8f495f7023eb7d12a677cff5
- SHA1
  
  a9f41214c0b1c3a86c355832b63be433b36c0a96
- SHA256
  
  36b883e255d3682a5a4b5bf1f936a26871329085c8ac846d6362d70c58a0ce21
- SHA512
  
  692a15188445f5b3c6330f2ac50a1bc1fafddf4b10ec33e2df2be67f79bd604f8e72b1226d32cb03561773d78fa91157a91673c8c806911b8ffe3605c29b010b
- SSDEEP
  
  6144:OuaJEFDFY0ph7n2/2Z5ie1O34lyzOWJz/zImABhU:OuaJEBO2lDZ5z1+zOWJzks
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence