fb306933ed475cc087e80087fc0af66fa52a70afd178dae97a70aa6abe295f8d | Triage

Sharing

General

Target

ed556376b201b84eb9858dc59151dff8_JaffaCakes118
Size

219KB
Sample

240920-ltjtls1alm
MD5

ed556376b201b84eb9858dc59151dff8
SHA1

f1baf3a89a0adf4a0d197cab13e0fc2587ae22dd
SHA256

fb306933ed475cc087e80087fc0af66fa52a70afd178dae97a70aa6abe295f8d
SHA512

8e87dfa66fe089b980625346621317f6d164c385fd222d66e056039e84530dcec54ef8f2d644f1eb09a30209ca80a2603cd0e77a17a51fce6613401761f1662a
SSDEEP

3072:PyySTzVpx3NTloZg5Zsq2A8TuIWQ1JtT7HuTdyf7OqU9lJaiR08HxjJM:qyST5v3ZlYcZs5yIbzvfXU9lHRl

Score

10^/10

defense_evasion discovery evasion persistence trojan upx

Malware Config

Targets

- Target
  
  ed556376b201b84eb9858dc59151dff8_JaffaCakes118
- Size
  
  219KB
- MD5
  
  ed556376b201b84eb9858dc59151dff8
- SHA1
  
  f1baf3a89a0adf4a0d197cab13e0fc2587ae22dd
- SHA256
  
  fb306933ed475cc087e80087fc0af66fa52a70afd178dae97a70aa6abe295f8d
- SHA512
  
  8e87dfa66fe089b980625346621317f6d164c385fd222d66e056039e84530dcec54ef8f2d644f1eb09a30209ca80a2603cd0e77a17a51fce6613401761f1662a
- SSDEEP
  
  3072:PyySTzVpx3NTloZg5Zsq2A8TuIWQ1JtT7HuTdyf7OqU9lJaiR08HxjJM:qyST5v3ZlYcZs5yIbzvfXU9lHRl
Score

10^/10

defense_evasion discovery evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistencetrojan

behavioral2

defense_evasiondiscoveryevasionpersistenceupx