0aef999386f2e78feb0597d96dc395f59ff40128ee80fbeaef82a1af643b3cd1 | Triage

Sharing

General

Target

65db1ed7a70e9f5c9278f7ee2467af10_JaffaCakes118
Size

731KB
Sample

240723-db99vatfpk
MD5

65db1ed7a70e9f5c9278f7ee2467af10
SHA1

fa748afc18507d19b3557ad430cfb1ab2259c1c6
SHA256

0aef999386f2e78feb0597d96dc395f59ff40128ee80fbeaef82a1af643b3cd1
SHA512

f98aebe4162cd1dddf6904b6a8e1d941d5730e311060b3f781c33394ad86e62459e35582f4522b1155858e1661000d58d3b2ea503057c9f84ead6e45df006bf6
SSDEEP

12288:Jaingtd/9iCpVEZxzraxdUdpm1FmjnDgGeIttwoPR5pWZhAIRXHYnrm5:JaigD/ArravUds1wnlFttwYQRXHYrm5

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  65db1ed7a70e9f5c9278f7ee2467af10_JaffaCakes118
- Size
  
  731KB
- MD5
  
  65db1ed7a70e9f5c9278f7ee2467af10
- SHA1
  
  fa748afc18507d19b3557ad430cfb1ab2259c1c6
- SHA256
  
  0aef999386f2e78feb0597d96dc395f59ff40128ee80fbeaef82a1af643b3cd1
- SHA512
  
  f98aebe4162cd1dddf6904b6a8e1d941d5730e311060b3f781c33394ad86e62459e35582f4522b1155858e1661000d58d3b2ea503057c9f84ead6e45df006bf6
- SSDEEP
  
  12288:Jaingtd/9iCpVEZxzraxdUdpm1FmjnDgGeIttwoPR5pWZhAIRXHYnrm5:JaigD/ArravUds1wnlFttwYQRXHYrm5
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation