288e8db6e8540786018bae022f32352a8d86b79d9f4e7d5fe6da6203eec7b966 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

714c1b53a50cdcd2a218a654ded45eab_JaffaCakes118
Size

184KB
Sample

240525-jl3kmsah2v
MD5

714c1b53a50cdcd2a218a654ded45eab
SHA1

c4eb6ebcaeced89133481c18139b2c9bf687ec1c
SHA256

288e8db6e8540786018bae022f32352a8d86b79d9f4e7d5fe6da6203eec7b966
SHA512

d7342e62ab1ec3c2268c1dffeda33d11c56ab9b1f061dfbbdc331ef160361899c6e3e45d7ccc608f27837c851f907a73d7405817fbadc93d413e7566b9dd8bb3
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO39:/7BSH8zUB+nGESaaRvoB7FJNndno

Score

8^/10

execution

Malware Config

Targets

- Target
  
  714c1b53a50cdcd2a218a654ded45eab_JaffaCakes118
- Size
  
  184KB
- MD5
  
  714c1b53a50cdcd2a218a654ded45eab
- SHA1
  
  c4eb6ebcaeced89133481c18139b2c9bf687ec1c
- SHA256
  
  288e8db6e8540786018bae022f32352a8d86b79d9f4e7d5fe6da6203eec7b966
- SHA512
  
  d7342e62ab1ec3c2268c1dffeda33d11c56ab9b1f061dfbbdc331ef160361899c6e3e45d7ccc608f27837c851f907a73d7405817fbadc93d413e7566b9dd8bb3
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO39:/7BSH8zUB+nGESaaRvoB7FJNndno
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2