4bee84a86ca6c52ec64d162d455827e43a0609e89ea751447b78a7f7b2a7a170 | Triage

Sharing

General

Target

a6c23464fd33b67c2255183f0a2de9da_JaffaCakes118
Size

48KB
Sample

240818-p81bpavalg
MD5

a6c23464fd33b67c2255183f0a2de9da
SHA1

b1329ea025274f56d86b4a907996af6bb093bf1e
SHA256

4bee84a86ca6c52ec64d162d455827e43a0609e89ea751447b78a7f7b2a7a170
SHA512

7e3fb35716db7a29ad921f4086157bdafa6877e678e569316e4a470401b28714515a1601cf9b999ddc06b77249d87dacfe49d1833a173962c4bacb84a947c4f9
SSDEEP

768:ye5hAwc6gzsPvkWNUzhew59jC1+J8LBVqybTst1qqruQfLfdDC5T6wfV:yeL97ZEeUzJOMJ8lxToNLFiOQ

Score

8^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  a6c23464fd33b67c2255183f0a2de9da_JaffaCakes118
- Size
  
  48KB
- MD5
  
  a6c23464fd33b67c2255183f0a2de9da
- SHA1
  
  b1329ea025274f56d86b4a907996af6bb093bf1e
- SHA256
  
  4bee84a86ca6c52ec64d162d455827e43a0609e89ea751447b78a7f7b2a7a170
- SHA512
  
  7e3fb35716db7a29ad921f4086157bdafa6877e678e569316e4a470401b28714515a1601cf9b999ddc06b77249d87dacfe49d1833a173962c4bacb84a947c4f9
- SSDEEP
  
  768:ye5hAwc6gzsPvkWNUzhew59jC1+J8LBVqybTst1qqruQfLfdDC5T6wfV:yeL97ZEeUzJOMJ8lxToNLFiOQ
Score

8^/10

discovery evasion execution persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

discoveryevasionexecutionpersistence