1d21f633b5beec96b5a777690fbbb3e4f1e2f766a9282dcce967c1100e654ccc | Triage

Sharing

General

Target

17d5ceebf106e989b0b4cabcdb9123dc_JaffaCakes118
Size

184KB
Sample

240505-qfmesseb66
MD5

17d5ceebf106e989b0b4cabcdb9123dc
SHA1

95f7aabc5cbc6541160dcec0268dd89b3bf37099
SHA256

1d21f633b5beec96b5a777690fbbb3e4f1e2f766a9282dcce967c1100e654ccc
SHA512

f6cbaa4c343922aafb9499c2f58c5f399a8cfaa7d8e3a3dab96bdd3b3a0ddcb5a7c9512c1d731097a48fbbbd3fecf5a9b00e244875b90c356f95ec9dd6fb5271
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO35m:/7BSH8zUB+nGESaaRvoB7FJNndnam

Score

8^/10

execution

Malware Config

Targets

- Target
  
  17d5ceebf106e989b0b4cabcdb9123dc_JaffaCakes118
- Size
  
  184KB
- MD5
  
  17d5ceebf106e989b0b4cabcdb9123dc
- SHA1
  
  95f7aabc5cbc6541160dcec0268dd89b3bf37099
- SHA256
  
  1d21f633b5beec96b5a777690fbbb3e4f1e2f766a9282dcce967c1100e654ccc
- SHA512
  
  f6cbaa4c343922aafb9499c2f58c5f399a8cfaa7d8e3a3dab96bdd3b3a0ddcb5a7c9512c1d731097a48fbbbd3fecf5a9b00e244875b90c356f95ec9dd6fb5271
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO35m:/7BSH8zUB+nGESaaRvoB7FJNndnam
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2