ded55995480953866a7d1b1bc27ca1cfbd753a587b9e4c35c1bb844d2bed371d | Triage

Sharing

General

Target

0338b8f476692ba4daf5fde5693a3819_JaffaCakes118
Size

184KB
Sample

240427-pderhaac57
MD5

0338b8f476692ba4daf5fde5693a3819
SHA1

504777a0211073ddd83f1cbd0b1e13c7ec7d0c96
SHA256

ded55995480953866a7d1b1bc27ca1cfbd753a587b9e4c35c1bb844d2bed371d
SHA512

a63c0409192df8d6462c33a30917c4e6d35be985bedc3ca76a3af58da0354edd2b105416f6b30773abf8409764dd2b8c394b68aa9f63593e72a999106f48fc8c
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3pr:/7BSH8zUB+nGESaaRvoB7FJNndnKr

Score

8^/10

Malware Config

Targets

- Target
  
  0338b8f476692ba4daf5fde5693a3819_JaffaCakes118
- Size
  
  184KB
- MD5
  
  0338b8f476692ba4daf5fde5693a3819
- SHA1
  
  504777a0211073ddd83f1cbd0b1e13c7ec7d0c96
- SHA256
  
  ded55995480953866a7d1b1bc27ca1cfbd753a587b9e4c35c1bb844d2bed371d
- SHA512
  
  a63c0409192df8d6462c33a30917c4e6d35be985bedc3ca76a3af58da0354edd2b105416f6b30773abf8409764dd2b8c394b68aa9f63593e72a999106f48fc8c
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3pr:/7BSH8zUB+nGESaaRvoB7FJNndnKr
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2