9fe32816d3c41cbe3b7cd9494348f7534de97d518f069ccae174031a461bb3d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

626afe98fbbaacde79766c44392185ea_JaffaCakes118
Size

152KB
Sample

240722-jx87kaxdnn
MD5

626afe98fbbaacde79766c44392185ea
SHA1

df9ebf4f1996abf2766540a4ec9baecad4fe8141
SHA256

9fe32816d3c41cbe3b7cd9494348f7534de97d518f069ccae174031a461bb3d8
SHA512

04f80b776ee173b71587ff481fcd662d15f2020f83d491ce96765e4f19807e518d435b15496dd68b2834efbed5d0e3f5e66507834d6f72c8e761702180a81d92
SSDEEP

3072:qMGVPYYh0ZB++7DxNUbaxIcz93bOButK+Fol:o+7DxVh3bHCl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  626afe98fbbaacde79766c44392185ea_JaffaCakes118
- Size
  
  152KB
- MD5
  
  626afe98fbbaacde79766c44392185ea
- SHA1
  
  df9ebf4f1996abf2766540a4ec9baecad4fe8141
- SHA256
  
  9fe32816d3c41cbe3b7cd9494348f7534de97d518f069ccae174031a461bb3d8
- SHA512
  
  04f80b776ee173b71587ff481fcd662d15f2020f83d491ce96765e4f19807e518d435b15496dd68b2834efbed5d0e3f5e66507834d6f72c8e761702180a81d92
- SSDEEP
  
  3072:qMGVPYYh0ZB++7DxNUbaxIcz93bOButK+Fol:o+7DxVh3bHCl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence