b18ebd29fd3d67693f0e9386dfeeaf7ff8451db11314ab6db7ad59bc3c926434 | Triage

Sharing

General

Target

1516c28bb9b08a6822121f0e88567457_JaffaCakes118
Size

184KB
Sample

240505-ad6gwsbb72
MD5

1516c28bb9b08a6822121f0e88567457
SHA1

e28c3a2dd25faa80b18e41d6a3824dd6777944e3
SHA256

b18ebd29fd3d67693f0e9386dfeeaf7ff8451db11314ab6db7ad59bc3c926434
SHA512

a7f5bdd32e63aca7a5b7b085a4d40bcc0cf714b661cfc55f4d6cb3ed4eaa09e36180c73d44b01f9ce83e5f63f5b1c9d4c662838d05192d99c863f37c194948de
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3p:/7BSH8zUB+nGESaaRvoB7FJNndn4

Score

8^/10

execution

Malware Config

Targets

- Target
  
  1516c28bb9b08a6822121f0e88567457_JaffaCakes118
- Size
  
  184KB
- MD5
  
  1516c28bb9b08a6822121f0e88567457
- SHA1
  
  e28c3a2dd25faa80b18e41d6a3824dd6777944e3
- SHA256
  
  b18ebd29fd3d67693f0e9386dfeeaf7ff8451db11314ab6db7ad59bc3c926434
- SHA512
  
  a7f5bdd32e63aca7a5b7b085a4d40bcc0cf714b661cfc55f4d6cb3ed4eaa09e36180c73d44b01f9ce83e5f63f5b1c9d4c662838d05192d99c863f37c194948de
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3p:/7BSH8zUB+nGESaaRvoB7FJNndn4
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2