d2f6910b70c27ac678fe0b00c853c4d920c53665535fba406ef2e40da3d161bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c18c036fa130bd4d0c7f806416cb3fad_JaffaCakes118
Size

184KB
Sample

240825-zkf81stgqb
MD5

c18c036fa130bd4d0c7f806416cb3fad
SHA1

6b6ef6c63325c2404f9df2c04eea595cbf5b3bbb
SHA256

d2f6910b70c27ac678fe0b00c853c4d920c53665535fba406ef2e40da3d161bc
SHA512

28825dda98a7a4ca8749e52e86f880795fa9316fa7352e2ee712d2279e3222882b21d0266e40bd92c41f9de0f722b58b9e95c67cedd427fc6f565a1f55660cde
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3U:/7BSH8zUB+nGESaaRvoB7FJNndnp

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  c18c036fa130bd4d0c7f806416cb3fad_JaffaCakes118
- Size
  
  184KB
- MD5
  
  c18c036fa130bd4d0c7f806416cb3fad
- SHA1
  
  6b6ef6c63325c2404f9df2c04eea595cbf5b3bbb
- SHA256
  
  d2f6910b70c27ac678fe0b00c853c4d920c53665535fba406ef2e40da3d161bc
- SHA512
  
  28825dda98a7a4ca8749e52e86f880795fa9316fa7352e2ee712d2279e3222882b21d0266e40bd92c41f9de0f722b58b9e95c67cedd427fc6f565a1f55660cde
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3U:/7BSH8zUB+nGESaaRvoB7FJNndnp
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution