e6897e621e5f902af4dbaed94ce62f06afb4ab7c0ad7b7eea7a24c8aa0472925 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab20f98bd96ceffaf417eacde605eb0f_JaffaCakes118
Size

61KB
Sample

240614-w26cpawaqp
MD5

ab20f98bd96ceffaf417eacde605eb0f
SHA1

aff5d1d1893998e6dc4307857caaca34aa4fddb8
SHA256

e6897e621e5f902af4dbaed94ce62f06afb4ab7c0ad7b7eea7a24c8aa0472925
SHA512

eb889faeab38a70e79054d75942188f4df20fdcc85e0706fc16602f8bac8f49a1afe85cc723257661a4d9183d6fd485bc6394b801c9114a0a259a3401fb0a6a3
SSDEEP

768:vMOSz63MQNouZ4RRrun1Bba43JuO4ovj6c5QEIftMMMMMMgGTbrlxRZ:EOSzbTxWLbagM4vj6mQjMMMMMMg+

Score

7^/10

Malware Config

Targets

- Target
  
  ab20f98bd96ceffaf417eacde605eb0f_JaffaCakes118
- Size
  
  61KB
- MD5
  
  ab20f98bd96ceffaf417eacde605eb0f
- SHA1
  
  aff5d1d1893998e6dc4307857caaca34aa4fddb8
- SHA256
  
  e6897e621e5f902af4dbaed94ce62f06afb4ab7c0ad7b7eea7a24c8aa0472925
- SHA512
  
  eb889faeab38a70e79054d75942188f4df20fdcc85e0706fc16602f8bac8f49a1afe85cc723257661a4d9183d6fd485bc6394b801c9114a0a259a3401fb0a6a3
- SSDEEP
  
  768:vMOSz63MQNouZ4RRrun1Bba43JuO4ovj6c5QEIftMMMMMMgGTbrlxRZ:EOSzbTxWLbagM4vj6mQjMMMMMMg+
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2