7a8c0421b30ede4d8c087a4273a1b2a707c118a5e7db97dfc9d04c0d9dc45791 | Triage

Sharing

General

Target

693af6c78d4d741fbd604f78c4d4dfcd_JaffaCakes118
Size

2KB
Sample

240523-bep2zaga32
MD5

693af6c78d4d741fbd604f78c4d4dfcd
SHA1

1369a8ec12f788b9df487e7500efcdb1aa18bb54
SHA256

7a8c0421b30ede4d8c087a4273a1b2a707c118a5e7db97dfc9d04c0d9dc45791
SHA512

acb95368819667942c435e968f930a274f3ce06b39a917c747360387c4259c71072b8f1ae2adafda32277658da84465f91c1befd493d8e4576ba6d35c229ed30

Score

8^/10

execution

Malware Config

Targets

- Target
  
  693af6c78d4d741fbd604f78c4d4dfcd_JaffaCakes118
- Size
  
  2KB
- MD5
  
  693af6c78d4d741fbd604f78c4d4dfcd
- SHA1
  
  1369a8ec12f788b9df487e7500efcdb1aa18bb54
- SHA256
  
  7a8c0421b30ede4d8c087a4273a1b2a707c118a5e7db97dfc9d04c0d9dc45791
- SHA512
  
  acb95368819667942c435e968f930a274f3ce06b39a917c747360387c4259c71072b8f1ae2adafda32277658da84465f91c1befd493d8e4576ba6d35c229ed30
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2