3af259a408a9125799299da641bf453571e1c8e1c07948fb222cd8987514211a | Triage

Sharing

General

Target

de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118
Size

468KB
Sample

240913-mtq4csybqk
MD5

de3887dc05ec99f98ac67ccf91d98f95
SHA1

dd766453f4731d0354affc6bc336e67c7eab6652
SHA256

3af259a408a9125799299da641bf453571e1c8e1c07948fb222cd8987514211a
SHA512

b04e9d52b86aeac5c4a0b2425c8e7b3f072c4afb87e6d4515d32f0ef89505df30f344ece03392bcb13eec98abe5bb445d664d701ad454e6d975d2849b0addd64
SSDEEP

12288:KsAcUOa2iLPZwq8GUZOpGrclON+N/yBdNldy3:YcUOELhS2Yg08qldy

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118
- Size
  
  468KB
- MD5
  
  de3887dc05ec99f98ac67ccf91d98f95
- SHA1
  
  dd766453f4731d0354affc6bc336e67c7eab6652
- SHA256
  
  3af259a408a9125799299da641bf453571e1c8e1c07948fb222cd8987514211a
- SHA512
  
  b04e9d52b86aeac5c4a0b2425c8e7b3f072c4afb87e6d4515d32f0ef89505df30f344ece03392bcb13eec98abe5bb445d664d701ad454e6d975d2849b0addd64
- SSDEEP
  
  12288:KsAcUOa2iLPZwq8GUZOpGrclON+N/yBdNldy3:YcUOELhS2Yg08qldy
Score

8^/10

discovery evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence