41f13f96f78be799112e4a533e8a55bacada6d56e9fbd0f2aa9ee4d3cd154706 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0da08a71e57c1f4bd11a048f5221a483_JaffaCakes118
Size

184KB
Sample

240502-f6cceaca96
MD5

0da08a71e57c1f4bd11a048f5221a483
SHA1

b1688418a118353d15eebcd8bc27344f75bdd2d4
SHA256

41f13f96f78be799112e4a533e8a55bacada6d56e9fbd0f2aa9ee4d3cd154706
SHA512

6c353d6b8aaf2afbabca4ba509a148b87be61e9d727205099a93047cadcaff4758ed805d9fdce915c604da4a6256587d545b66cd0db1c50c19bbae246a645932
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3O:/7BSH8zUB+nGESaaRvoB7FJNndn3

Score

8^/10

Malware Config

Targets

- Target
  
  0da08a71e57c1f4bd11a048f5221a483_JaffaCakes118
- Size
  
  184KB
- MD5
  
  0da08a71e57c1f4bd11a048f5221a483
- SHA1
  
  b1688418a118353d15eebcd8bc27344f75bdd2d4
- SHA256
  
  41f13f96f78be799112e4a533e8a55bacada6d56e9fbd0f2aa9ee4d3cd154706
- SHA512
  
  6c353d6b8aaf2afbabca4ba509a148b87be61e9d727205099a93047cadcaff4758ed805d9fdce915c604da4a6256587d545b66cd0db1c50c19bbae246a645932
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3O:/7BSH8zUB+nGESaaRvoB7FJNndn3
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2