ce13c6d900e0a08e2e13e3a4deb9c96e453c87d71ddea53b00071f2d1d9e38a7 | Triage

Sharing

General

Target

41d2b31b5f8f00018bd12c74975e1f06_JaffaCakes118
Size

184KB
Sample

240514-rsg7aaba95
MD5

41d2b31b5f8f00018bd12c74975e1f06
SHA1

fc5127d7915e1c635c333ad315699fe7566a299b
SHA256

ce13c6d900e0a08e2e13e3a4deb9c96e453c87d71ddea53b00071f2d1d9e38a7
SHA512

28eba5f3ff42483414b067201b8e3cfbe57ff4367447d60e6314ecbba04950227c73134507b2443d4e0e66df28eb070d5b09ecf9d2108d26b2fc9b27cba26a05
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3v:/7BSH8zUB+nGESaaRvoB7FJNndn+

Score

8^/10

execution

Malware Config

Targets

- Target
  
  41d2b31b5f8f00018bd12c74975e1f06_JaffaCakes118
- Size
  
  184KB
- MD5
  
  41d2b31b5f8f00018bd12c74975e1f06
- SHA1
  
  fc5127d7915e1c635c333ad315699fe7566a299b
- SHA256
  
  ce13c6d900e0a08e2e13e3a4deb9c96e453c87d71ddea53b00071f2d1d9e38a7
- SHA512
  
  28eba5f3ff42483414b067201b8e3cfbe57ff4367447d60e6314ecbba04950227c73134507b2443d4e0e66df28eb070d5b09ecf9d2108d26b2fc9b27cba26a05
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3v:/7BSH8zUB+nGESaaRvoB7FJNndn+
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2