91f6664367c667795de6cee7724e59378e88ba0ed0082c02a33c92f31e3e3ca5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b3fb73c24a92c223f6c1ba13aadca77_JaffaCakes118
Size

292KB
Sample

240719-kt7d8swckc
MD5

5b3fb73c24a92c223f6c1ba13aadca77
SHA1

c0bcffb53b67ddbc4a947a0fbff4dcff98b812d4
SHA256

91f6664367c667795de6cee7724e59378e88ba0ed0082c02a33c92f31e3e3ca5
SHA512

a61484154747badb09d796e0d9c8ada9797aafbcacd399c1bd07a31160413fe07420e37b49331e1341783e7d6f658b566eeef6c0bb0cc38d6c53e4526509769c
SSDEEP

1536:uwzS9+H8HYiH72PrGGUQLJjk/Jj/9/mck8K1JZ:fS9BHkL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b3fb73c24a92c223f6c1ba13aadca77_JaffaCakes118
- Size
  
  292KB
- MD5
  
  5b3fb73c24a92c223f6c1ba13aadca77
- SHA1
  
  c0bcffb53b67ddbc4a947a0fbff4dcff98b812d4
- SHA256
  
  91f6664367c667795de6cee7724e59378e88ba0ed0082c02a33c92f31e3e3ca5
- SHA512
  
  a61484154747badb09d796e0d9c8ada9797aafbcacd399c1bd07a31160413fe07420e37b49331e1341783e7d6f658b566eeef6c0bb0cc38d6c53e4526509769c
- SSDEEP
  
  1536:uwzS9+H8HYiH72PrGGUQLJjk/Jj/9/mck8K1JZ:fS9BHkL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence