436fd606f8d8fdad8fc61223654b1ffc17c0564bade6e6956f771029cc2d23a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f046d08194f53d977ab96d1fa31438e4_JaffaCakes118
Size

89KB
Sample

240415-erv1jagg4t
MD5

f046d08194f53d977ab96d1fa31438e4
SHA1

24e968936bf24247bb8b65ebfe9e61fadcfbfa56
SHA256

436fd606f8d8fdad8fc61223654b1ffc17c0564bade6e6956f771029cc2d23a8
SHA512

adc09b1c630003b12b052ae4693a5d5ace892b98359dbca070896713410028e33f6ebf90dcb3d7e1538a7c598b01fb58d39fd2d7aa385ef7ab56aa7d1442389a
SSDEEP

1536:77fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfzxiqOS:Xq6+ouCpk2mpcWJ0r+QNTBfzck

Score

8^/10

Malware Config

Targets

- Target
  
  f046d08194f53d977ab96d1fa31438e4_JaffaCakes118
- Size
  
  89KB
- MD5
  
  f046d08194f53d977ab96d1fa31438e4
- SHA1
  
  24e968936bf24247bb8b65ebfe9e61fadcfbfa56
- SHA256
  
  436fd606f8d8fdad8fc61223654b1ffc17c0564bade6e6956f771029cc2d23a8
- SHA512
  
  adc09b1c630003b12b052ae4693a5d5ace892b98359dbca070896713410028e33f6ebf90dcb3d7e1538a7c598b01fb58d39fd2d7aa385ef7ab56aa7d1442389a
- SSDEEP
  
  1536:77fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfzxiqOS:Xq6+ouCpk2mpcWJ0r+QNTBfzck
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2