a86e773f718f442e4e7b550f8889b116f68f66a0d221ff629c0b62d9ada37976 | Triage

Sharing

General

Target

d4212314e76c785c9fa7d9b7e7e9ffbd_JaffaCakes118
Size

60KB
Sample

240908-ma7l1azhml
MD5

d4212314e76c785c9fa7d9b7e7e9ffbd
SHA1

6eeac339c28e02a9452bce7f6ed9c785f9be20cb
SHA256

a86e773f718f442e4e7b550f8889b116f68f66a0d221ff629c0b62d9ada37976
SHA512

1f0087fd83ffb71514bc4ace0a6abcd7b546b426800ca3529b9146456538f8fecb16c1d2a84e38174b2ef50a487403acec4c698727015c398dd99b256ec9aa8d
SSDEEP

1536:n8DhEOyiDdKzGIwAsizIdjlOLNfqDgcA:Ihs4dKzODZd8LF51

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  d4212314e76c785c9fa7d9b7e7e9ffbd_JaffaCakes118
- Size
  
  60KB
- MD5
  
  d4212314e76c785c9fa7d9b7e7e9ffbd
- SHA1
  
  6eeac339c28e02a9452bce7f6ed9c785f9be20cb
- SHA256
  
  a86e773f718f442e4e7b550f8889b116f68f66a0d221ff629c0b62d9ada37976
- SHA512
  
  1f0087fd83ffb71514bc4ace0a6abcd7b546b426800ca3529b9146456538f8fecb16c1d2a84e38174b2ef50a487403acec4c698727015c398dd99b256ec9aa8d
- SSDEEP
  
  1536:n8DhEOyiDdKzGIwAsizIdjlOLNfqDgcA:Ihs4dKzODZd8LF51
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation