878ae9a616b6d598a827c71a1b90f2b07c3495069caa26c63b3cc1741a65936f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbc388cf49c8453e75d3115543030b84_JaffaCakes118
Size

60KB
Sample

240928-hzsf6ashkm
MD5

fbc388cf49c8453e75d3115543030b84
SHA1

0ef7ba5db1ab9912faf3899dbf043fbd40be2021
SHA256

878ae9a616b6d598a827c71a1b90f2b07c3495069caa26c63b3cc1741a65936f
SHA512

888c0feb2fc673bb25a43b97fdd761ad600fbceea18313328302e6bf539198318b9dd33ea04d8660ecc333d22a51d49626cc02e1d62620b247311040fa1db337
SSDEEP

768:/BZX+Nzp4mjNx4Ss4l6iE18++uWdB9GBc81f+Iw5BLJUXNPgH9nmscY:/Pdc2inuWdB9r8YXPJY2BmscY

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  fbc388cf49c8453e75d3115543030b84_JaffaCakes118
- Size
  
  60KB
- MD5
  
  fbc388cf49c8453e75d3115543030b84
- SHA1
  
  0ef7ba5db1ab9912faf3899dbf043fbd40be2021
- SHA256
  
  878ae9a616b6d598a827c71a1b90f2b07c3495069caa26c63b3cc1741a65936f
- SHA512
  
  888c0feb2fc673bb25a43b97fdd761ad600fbceea18313328302e6bf539198318b9dd33ea04d8660ecc333d22a51d49626cc02e1d62620b247311040fa1db337
- SSDEEP
  
  768:/BZX+Nzp4mjNx4Ss4l6iE18++uWdB9GBc81f+Iw5BLJUXNPgH9nmscY:/Pdc2inuWdB9r8YXPJY2BmscY
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation