ab0a6a9e8717e9001d7a9d0890bb8896091e01c74c306e40d3c17b4223ddb8e6 | Triage

Sharing

General

Target

be9dd77f7eb689192c518f7e8d8df8b9_JaffaCakes118
Size

184KB
Sample

240824-pygrlasdjn
MD5

be9dd77f7eb689192c518f7e8d8df8b9
SHA1

12835c1ae1407ae4cf5fd5a85d9950fc5523d5af
SHA256

ab0a6a9e8717e9001d7a9d0890bb8896091e01c74c306e40d3c17b4223ddb8e6
SHA512

97d9221a567f6a6c2ae5abf63188b4347f36725bfed57cc5bf47236f8f6d24b4d428b1facb4966a0a070a779d59b783291383e00a5afb8f01596122bd40bccd7
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3L:/7BSH8zUB+nGESaaRvoB7FJNndni

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  be9dd77f7eb689192c518f7e8d8df8b9_JaffaCakes118
- Size
  
  184KB
- MD5
  
  be9dd77f7eb689192c518f7e8d8df8b9
- SHA1
  
  12835c1ae1407ae4cf5fd5a85d9950fc5523d5af
- SHA256
  
  ab0a6a9e8717e9001d7a9d0890bb8896091e01c74c306e40d3c17b4223ddb8e6
- SHA512
  
  97d9221a567f6a6c2ae5abf63188b4347f36725bfed57cc5bf47236f8f6d24b4d428b1facb4966a0a070a779d59b783291383e00a5afb8f01596122bd40bccd7
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3L:/7BSH8zUB+nGESaaRvoB7FJNndni
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution