d369380817835374ca2244b9cc17d6bb4d2536b1225eaec20cc389bc9d154c25 | Triage

Sharing

General

Target

56e43969a4ca0ecbc1523c0f608c693c_JaffaCakes118
Size

50KB
Sample

240518-1cln7sgf21
MD5

56e43969a4ca0ecbc1523c0f608c693c
SHA1

3cefd7e1242c4c42f4c3c0383d44096a1b2fb9a8
SHA256

d369380817835374ca2244b9cc17d6bb4d2536b1225eaec20cc389bc9d154c25
SHA512

e13b5fdf547d77bd302a30710a22d9d03d181783f485d134fd10aaf47a41672b42b24fc0e5f5f2ed4a261dc011e30933ba72caa8611bda8ae4d1ba905e00f743
SSDEEP

1536:atO57RiOfWv6wHBpQmMiriEgLq44rqYd+wMV7:acov6Bmds/WqYd+n

Score

8^/10

execution motw phishing

Malware Config

Targets

- Target
  
  56e43969a4ca0ecbc1523c0f608c693c_JaffaCakes118
- Size
  
  50KB
- MD5
  
  56e43969a4ca0ecbc1523c0f608c693c
- SHA1
  
  3cefd7e1242c4c42f4c3c0383d44096a1b2fb9a8
- SHA256
  
  d369380817835374ca2244b9cc17d6bb4d2536b1225eaec20cc389bc9d154c25
- SHA512
  
  e13b5fdf547d77bd302a30710a22d9d03d181783f485d134fd10aaf47a41672b42b24fc0e5f5f2ed4a261dc011e30933ba72caa8611bda8ae4d1ba905e00f743
- SSDEEP
  
  1536:atO57RiOfWv6wHBpQmMiriEgLq44rqYd+wMV7:acov6Bmds/WqYd+n
Score

8^/10

execution motw phishing
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionmotwphishing

behavioral2

executionmotwphishing