9920fd4fbfeed87a1cf1eeed1794cbe147999bb2720a0957276ae3452490c8aa | Triage

Sharing

General

Target

a43aaf16b8ed1cb8cc556852d8365975_JaffaCakes118
Size

76KB
Sample

240817-1gpaws1dkm
MD5

a43aaf16b8ed1cb8cc556852d8365975
SHA1

cb777d56cb774fa5e3a1f6af0e99bfc3c40e8190
SHA256

9920fd4fbfeed87a1cf1eeed1794cbe147999bb2720a0957276ae3452490c8aa
SHA512

e1a277d7e56c963529a25dbecf8bde8e5d34a2343bc78d842bccbd221eea6cb76767b086c736653a20b3bbdbe9bc7b6a13a9a89ca228dd47e5e2e39c3dea287a
SSDEEP

1536:iibNxmlI7lBZUNlqkj12oLc/bxqnoYxiFou98Z54QaNUqePj:xpxqAaNYkj12acjwoLd9o54DNUqE

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  a43aaf16b8ed1cb8cc556852d8365975_JaffaCakes118
- Size
  
  76KB
- MD5
  
  a43aaf16b8ed1cb8cc556852d8365975
- SHA1
  
  cb777d56cb774fa5e3a1f6af0e99bfc3c40e8190
- SHA256
  
  9920fd4fbfeed87a1cf1eeed1794cbe147999bb2720a0957276ae3452490c8aa
- SHA512
  
  e1a277d7e56c963529a25dbecf8bde8e5d34a2343bc78d842bccbd221eea6cb76767b086c736653a20b3bbdbe9bc7b6a13a9a89ca228dd47e5e2e39c3dea287a
- SSDEEP
  
  1536:iibNxmlI7lBZUNlqkj12oLc/bxqnoYxiFou98Z54QaNUqePj:xpxqAaNYkj12acjwoLd9o54DNUqE
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistence