4e2296378a5ce5ed1e928c56d64bcc6d70d6c04b8dd1ebfb8622964d00372a6d | Triage

Sharing

General

Target

5e82f8f0d3966a1a42ad37a9a237e382_JaffaCakes118
Size

196KB
Sample

240720-bw1j2atfjc
MD5

5e82f8f0d3966a1a42ad37a9a237e382
SHA1

cb95a4665b977e52dad4decda27689ef8065e4b8
SHA256

4e2296378a5ce5ed1e928c56d64bcc6d70d6c04b8dd1ebfb8622964d00372a6d
SHA512

877738d662253c9a0179cabd080f86aaa46e162ce8a73a48da37bde252c98b389e7680bfab1fd45c6a5f1ebd564a10764ad1ffb77d90bc7824ec6dd0f9c3d421
SSDEEP

3072:iOaVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:i1VnPybzV8Oio0ctLTt08doLRO8qeg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5e82f8f0d3966a1a42ad37a9a237e382_JaffaCakes118
- Size
  
  196KB
- MD5
  
  5e82f8f0d3966a1a42ad37a9a237e382
- SHA1
  
  cb95a4665b977e52dad4decda27689ef8065e4b8
- SHA256
  
  4e2296378a5ce5ed1e928c56d64bcc6d70d6c04b8dd1ebfb8622964d00372a6d
- SHA512
  
  877738d662253c9a0179cabd080f86aaa46e162ce8a73a48da37bde252c98b389e7680bfab1fd45c6a5f1ebd564a10764ad1ffb77d90bc7824ec6dd0f9c3d421
- SSDEEP
  
  3072:iOaVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:i1VnPybzV8Oio0ctLTt08doLRO8qeg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence