d5c1a1f3788b8498fba6f61c365b08baf0fdd2765efde052baa97919d9f6a6d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8092b13f7e18ef5c2de59ea0d41247a7_JaffaCakes118
Size

184KB
Sample

240529-ngsl4ade65
MD5

8092b13f7e18ef5c2de59ea0d41247a7
SHA1

6cf1449c71e19783f9864f84c3e1137e49401fd4
SHA256

d5c1a1f3788b8498fba6f61c365b08baf0fdd2765efde052baa97919d9f6a6d1
SHA512

83e959891c3591e677b81c2b7e633f6877a689a398a93911121119f528e9e60d217a12903f78555147d4759604a444fb0925779070a30eb81b0f58fd56e706ca
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3KT:/7BSH8zUB+nGESaaRvoB7FJNndnRT

Score

8^/10

execution

Malware Config

Targets

- Target
  
  8092b13f7e18ef5c2de59ea0d41247a7_JaffaCakes118
- Size
  
  184KB
- MD5
  
  8092b13f7e18ef5c2de59ea0d41247a7
- SHA1
  
  6cf1449c71e19783f9864f84c3e1137e49401fd4
- SHA256
  
  d5c1a1f3788b8498fba6f61c365b08baf0fdd2765efde052baa97919d9f6a6d1
- SHA512
  
  83e959891c3591e677b81c2b7e633f6877a689a398a93911121119f528e9e60d217a12903f78555147d4759604a444fb0925779070a30eb81b0f58fd56e706ca
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3KT:/7BSH8zUB+nGESaaRvoB7FJNndnRT
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2