ba90314276523bbec4810b3a8b60fe84c3148c8041134369d2d51e299543868b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

626915433496e030a729154eac72cd70_JaffaCakes118
Size

183KB
Sample

240722-jw2q4awglf
MD5

626915433496e030a729154eac72cd70
SHA1

1205247b7549d0d74c26000dd1546f5326a46624
SHA256

ba90314276523bbec4810b3a8b60fe84c3148c8041134369d2d51e299543868b
SHA512

e156c1d59ee5cfd59209d40aa9ef5068b6d75503538beb82350c5300fdd2b44f6a0be36fb1636d84b3f826be61638aea8b7249a7ceb22a69798c0260021c362b
SSDEEP

3072:a/ampeVe/rQIf3dx3Qx0kY9Y/XeVaqB+JPKmPJZFLmBKZdYabCF9k1szLuEa:aTpeVGrbtx3a0r9gWUfJPmBaMOsLHa

Score

8^/10

Malware Config

Targets

- Target
  
  626915433496e030a729154eac72cd70_JaffaCakes118
- Size
  
  183KB
- MD5
  
  626915433496e030a729154eac72cd70
- SHA1
  
  1205247b7549d0d74c26000dd1546f5326a46624
- SHA256
  
  ba90314276523bbec4810b3a8b60fe84c3148c8041134369d2d51e299543868b
- SHA512
  
  e156c1d59ee5cfd59209d40aa9ef5068b6d75503538beb82350c5300fdd2b44f6a0be36fb1636d84b3f826be61638aea8b7249a7ceb22a69798c0260021c362b
- SSDEEP
  
  3072:a/ampeVe/rQIf3dx3Qx0kY9Y/XeVaqB+JPKmPJZFLmBKZdYabCF9k1szLuEa:aTpeVGrbtx3a0r9gWUfJPmBaMOsLHa
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2