0f4188d311f4464a368898c72050b1aa927ee3cc64107cc94054b6a12f52e613 | Triage

Sharing

General

Target

a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118
Size

225KB
Sample

240817-n6kmsaxcrq
MD5

a271affac1e4f1d51940d6794f7b2f21
SHA1

ef509f7146f8abb15aa33821c33dde87ce167a30
SHA256

0f4188d311f4464a368898c72050b1aa927ee3cc64107cc94054b6a12f52e613
SHA512

17a073964f2ffd2e88f846ae4e70010e9fae4d9bca08d21df81a174cc9fe4e3a2349e5db3f3c03e1275c216296a33d1dd6fe3cc7b1a1bcd0aa2d3b63c80d9ea7
SSDEEP

6144:ihgNGaz1LLJpc0gs6lMppZ0jfiMdySKod:v7z1HJpAs6lM90WMdySKo

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118
- Size
  
  225KB
- MD5
  
  a271affac1e4f1d51940d6794f7b2f21
- SHA1
  
  ef509f7146f8abb15aa33821c33dde87ce167a30
- SHA256
  
  0f4188d311f4464a368898c72050b1aa927ee3cc64107cc94054b6a12f52e613
- SHA512
  
  17a073964f2ffd2e88f846ae4e70010e9fae4d9bca08d21df81a174cc9fe4e3a2349e5db3f3c03e1275c216296a33d1dd6fe3cc7b1a1bcd0aa2d3b63c80d9ea7
- SSDEEP
  
  6144:ihgNGaz1LLJpc0gs6lMppZ0jfiMdySKod:v7z1HJpAs6lM90WMdySKo
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion