beff1b6c2e4f9e7f37891260ed7bb42aaf34d2ce15b5a59cdabd878966b4d65d | Triage

Sharing

General

Target

eedc9a28c73589d9c19a08c9fb19d58a_JaffaCakes118
Size

445KB
Sample

240921-cfa5wazerl
MD5

eedc9a28c73589d9c19a08c9fb19d58a
SHA1

f130eb78670268fceacadc87afce7b8c7e7d15dd
SHA256

beff1b6c2e4f9e7f37891260ed7bb42aaf34d2ce15b5a59cdabd878966b4d65d
SHA512

c40020757ec7a17e0b90ef3151d6d156431e75618599bf849fc8a2d887e44319238a80398857541bb88ebdbb51d1efd02447b3686a7929fb27b6fd0a5163d17e
SSDEEP

12288:D1Mrn8ZAKhW/r3KbrDzzkuAAIVk88884TXCqqTG4n:D1MT8NyKbrnwpAeNvqT

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  eedc9a28c73589d9c19a08c9fb19d58a_JaffaCakes118
- Size
  
  445KB
- MD5
  
  eedc9a28c73589d9c19a08c9fb19d58a
- SHA1
  
  f130eb78670268fceacadc87afce7b8c7e7d15dd
- SHA256
  
  beff1b6c2e4f9e7f37891260ed7bb42aaf34d2ce15b5a59cdabd878966b4d65d
- SHA512
  
  c40020757ec7a17e0b90ef3151d6d156431e75618599bf849fc8a2d887e44319238a80398857541bb88ebdbb51d1efd02447b3686a7929fb27b6fd0a5163d17e
- SSDEEP
  
  12288:D1Mrn8ZAKhW/r3KbrDzzkuAAIVk88884TXCqqTG4n:D1MT8NyKbrnwpAeNvqT
Score

8^/10

discovery evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence