3b89d382d1ecc957f461df8711d9906d180fd91cbb6e040c7841d02beaa5b12e | Triage

Sharing

General

Target

5b532b3c6e3cc47db2e9eb39291b79f0_JaffaCakes118
Size

52KB
Sample

240719-k9wmnsxblh
MD5

5b532b3c6e3cc47db2e9eb39291b79f0
SHA1

ebf4ee45f5419c5c097beeaf79018d43ea7fd91f
SHA256

3b89d382d1ecc957f461df8711d9906d180fd91cbb6e040c7841d02beaa5b12e
SHA512

1cfebaa7b3f69fbbeae1420b67cae64104c60326eb79ba9629a5060a971353cb9289fccd68b91b0ce14f065476dcb94bb7beb95c3d01309db1a8516fe459902f
SSDEEP

768:cyb1INnTwL4FalMc0pzQRjhEzOzmR4Gco1eunjkTu8RT4sktcawfEu4jW:9ywkBc0CczOzmWoAC8y5kER

Score

7^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5b532b3c6e3cc47db2e9eb39291b79f0_JaffaCakes118
- Size
  
  52KB
- MD5
  
  5b532b3c6e3cc47db2e9eb39291b79f0
- SHA1
  
  ebf4ee45f5419c5c097beeaf79018d43ea7fd91f
- SHA256
  
  3b89d382d1ecc957f461df8711d9906d180fd91cbb6e040c7841d02beaa5b12e
- SHA512
  
  1cfebaa7b3f69fbbeae1420b67cae64104c60326eb79ba9629a5060a971353cb9289fccd68b91b0ce14f065476dcb94bb7beb95c3d01309db1a8516fe459902f
- SSDEEP
  
  768:cyb1INnTwL4FalMc0pzQRjhEzOzmR4Gco1eunjkTu8RT4sktcawfEu4jW:9ywkBc0CczOzmWoAC8y5kER
Score

7^/10

evasion persistence trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan