a7bba1b96873a8a39a2e590e1fd73d2fda6004f0350beabca602d27e28a46497 | Triage

Sharing

General

Target

5b04c788a0bef1d01b214986d0351952_JaffaCakes118
Size

88KB
Sample

240719-jh5wlazblk
MD5

5b04c788a0bef1d01b214986d0351952
SHA1

8ae8e8a013ae15b4d6f48265af09eec1c55a4568
SHA256

a7bba1b96873a8a39a2e590e1fd73d2fda6004f0350beabca602d27e28a46497
SHA512

e5c788b20a5734e511428bfd87671f79c72fd51f6acd5fca93a43ac4083cb52f009dbb17d8ad43b2b669e75d7600ebfca96554ad737617620b4c0c991657da06
SSDEEP

1536:u+mC+RIm8WP+zYpqdXBsYJWF+FBFIFGFYFcDSZVGa:H+RfT+9Z6P

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b04c788a0bef1d01b214986d0351952_JaffaCakes118
- Size
  
  88KB
- MD5
  
  5b04c788a0bef1d01b214986d0351952
- SHA1
  
  8ae8e8a013ae15b4d6f48265af09eec1c55a4568
- SHA256
  
  a7bba1b96873a8a39a2e590e1fd73d2fda6004f0350beabca602d27e28a46497
- SHA512
  
  e5c788b20a5734e511428bfd87671f79c72fd51f6acd5fca93a43ac4083cb52f009dbb17d8ad43b2b669e75d7600ebfca96554ad737617620b4c0c991657da06
- SSDEEP
  
  1536:u+mC+RIm8WP+zYpqdXBsYJWF+FBFIFGFYFcDSZVGa:H+RfT+9Z6P
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence