3a383178231c29a84cc4d83cbe5dc00131fd97b088fd9136df68347717cc2808 | Triage

Sharing

General

Target

bf50001b34591160cfe4feba3c519ade_JaffaCakes118
Size

36KB
Sample

240824-yvtresydnn
MD5

bf50001b34591160cfe4feba3c519ade
SHA1

8d3b6830599b3c00d00161cbf7fd9856efe6c87c
SHA256

3a383178231c29a84cc4d83cbe5dc00131fd97b088fd9136df68347717cc2808
SHA512

9d8091890cbe7e71ec13feef8bd5260171d43cdf4667587aaafdaacdab2985f2e24ffac179c55adbea943d07f7761f7187021b85d7fc07e334218e6d58ad367f
SSDEEP

768:kjgiGxy+is1M6BDRK97J3+ZFWo2iU+7ww:AMy+TQYFW8ww

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  bf50001b34591160cfe4feba3c519ade_JaffaCakes118
- Size
  
  36KB
- MD5
  
  bf50001b34591160cfe4feba3c519ade
- SHA1
  
  8d3b6830599b3c00d00161cbf7fd9856efe6c87c
- SHA256
  
  3a383178231c29a84cc4d83cbe5dc00131fd97b088fd9136df68347717cc2808
- SHA512
  
  9d8091890cbe7e71ec13feef8bd5260171d43cdf4667587aaafdaacdab2985f2e24ffac179c55adbea943d07f7761f7187021b85d7fc07e334218e6d58ad367f
- SSDEEP
  
  768:kjgiGxy+is1M6BDRK97J3+ZFWo2iU+7ww:AMy+TQYFW8ww
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation