8331e12ee8d73d21398f2d3013486398fe244002d15a024a3be740c6a2c481ee | Triage

Sharing

General

Target

6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118
Size

438KB
Sample

240723-12jadavbrh
MD5

6923456e8ab23bb8dc91f1d9049edeed
SHA1

b0282a956b89377f07765d2b2eb74b132975ee69
SHA256

8331e12ee8d73d21398f2d3013486398fe244002d15a024a3be740c6a2c481ee
SHA512

aaa4de9743e0b40910c3ec118d1c28f3688a382cf001d159ceed578ed30895e4124796164ac78bfd48826d8b11157152e1eb26d89e5b30ba8dc84fa68c30a93f
SSDEEP

12288:nM255nI71TVaR0GLNCDN3XpeTWnv7zxjIQkYz0q00/:M2kTiJCFZd6QkTq00

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  6923456e8ab23bb8dc91f1d9049edeed_JaffaCakes118
- Size
  
  438KB
- MD5
  
  6923456e8ab23bb8dc91f1d9049edeed
- SHA1
  
  b0282a956b89377f07765d2b2eb74b132975ee69
- SHA256
  
  8331e12ee8d73d21398f2d3013486398fe244002d15a024a3be740c6a2c481ee
- SHA512
  
  aaa4de9743e0b40910c3ec118d1c28f3688a382cf001d159ceed578ed30895e4124796164ac78bfd48826d8b11157152e1eb26d89e5b30ba8dc84fa68c30a93f
- SSDEEP
  
  12288:nM255nI71TVaR0GLNCDN3XpeTWnv7zxjIQkYz0q00/:M2kTiJCFZd6QkTq00
Score

8^/10

discovery evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence