1a9e14cde068d980463edd91919a463938844282afec9c756fe7391b3dae3024 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1bf6de7cafe5f9f1e0f9fda9efc272d_JaffaCakes118
Size

184KB
Sample

240825-2qzzeszaqf
MD5

c1bf6de7cafe5f9f1e0f9fda9efc272d
SHA1

f0d63eaf2de5c6c6514944a544dcd09b6d9f4ffc
SHA256

1a9e14cde068d980463edd91919a463938844282afec9c756fe7391b3dae3024
SHA512

22adbc5ba4f1ad9cbe1fb816dc7192a47e4efbf1e0af2d9034d47efb0a4c88db0321e6b782794b59d454bb7767c9ee3551c82341c21ed92b773ae50a42b33f7d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3K:/7BSH8zUB+nGESaaRvoB7FJNndnH

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  c1bf6de7cafe5f9f1e0f9fda9efc272d_JaffaCakes118
- Size
  
  184KB
- MD5
  
  c1bf6de7cafe5f9f1e0f9fda9efc272d
- SHA1
  
  f0d63eaf2de5c6c6514944a544dcd09b6d9f4ffc
- SHA256
  
  1a9e14cde068d980463edd91919a463938844282afec9c756fe7391b3dae3024
- SHA512
  
  22adbc5ba4f1ad9cbe1fb816dc7192a47e4efbf1e0af2d9034d47efb0a4c88db0321e6b782794b59d454bb7767c9ee3551c82341c21ed92b773ae50a42b33f7d
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3K:/7BSH8zUB+nGESaaRvoB7FJNndnH
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution