f5ac6d5ec49661b7269ece4edaa931545a7902c767bd91cde1dbc9c8d128bf84 | Triage

Sharing

General

Target

6763416d3a5f38070cb64a532f1dc856_JaffaCakes118
Size

92KB
Sample

240723-nh2ldstfrn
MD5

6763416d3a5f38070cb64a532f1dc856
SHA1

5bbc6c8e30981ab8b8f74723094435420c4a5bd7
SHA256

f5ac6d5ec49661b7269ece4edaa931545a7902c767bd91cde1dbc9c8d128bf84
SHA512

0e3c765673935688ab283c905b5f636b3ab130164f645ec2ab1a8115ab69a0455a70fc83913b6f0c8563c516979dccf5256de3cff99fe6af5a59044d8bba569f
SSDEEP

1536:tahiOd0FEJ6kri7hwj4Pnv/rvyvJvSvbvfv3yPHpi+a:MhiOdW1mmyPQX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6763416d3a5f38070cb64a532f1dc856_JaffaCakes118
- Size
  
  92KB
- MD5
  
  6763416d3a5f38070cb64a532f1dc856
- SHA1
  
  5bbc6c8e30981ab8b8f74723094435420c4a5bd7
- SHA256
  
  f5ac6d5ec49661b7269ece4edaa931545a7902c767bd91cde1dbc9c8d128bf84
- SHA512
  
  0e3c765673935688ab283c905b5f636b3ab130164f645ec2ab1a8115ab69a0455a70fc83913b6f0c8563c516979dccf5256de3cff99fe6af5a59044d8bba569f
- SSDEEP
  
  1536:tahiOd0FEJ6kri7hwj4Pnv/rvyvJvSvbvfv3yPHpi+a:MhiOdW1mmyPQX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence