f4c0411d2221e59e9e206309199bdb53f203bf8ca6b32511dcf280e7abe643aa | Triage

Sharing

General

Target

63a4d3c0acd0de4b6071f5825efa3b18_JaffaCakes118
Size

3KB
Sample

240521-rzfl2ahc95
MD5

63a4d3c0acd0de4b6071f5825efa3b18
SHA1

015e4cefa50a7c0a8927a7d79959bc7bd4122e44
SHA256

f4c0411d2221e59e9e206309199bdb53f203bf8ca6b32511dcf280e7abe643aa
SHA512

0a9fae189e86275c74438a7d001ed8c0b081ee1a7637d08c009e5e1d2c630f68438e6f97a26d7e229050e4a853f3de59127a05284e4d0a009a0e36a1cda889d5

Score

8^/10

execution

Malware Config

Targets

- Target
  
  63a4d3c0acd0de4b6071f5825efa3b18_JaffaCakes118
- Size
  
  3KB
- MD5
  
  63a4d3c0acd0de4b6071f5825efa3b18
- SHA1
  
  015e4cefa50a7c0a8927a7d79959bc7bd4122e44
- SHA256
  
  f4c0411d2221e59e9e206309199bdb53f203bf8ca6b32511dcf280e7abe643aa
- SHA512
  
  0a9fae189e86275c74438a7d001ed8c0b081ee1a7637d08c009e5e1d2c630f68438e6f97a26d7e229050e4a853f3de59127a05284e4d0a009a0e36a1cda889d5
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2