cfa9fc8db9ff8e27a9b1fca5b637df7a05b4ac357fe5d377b254a9b5d940ba84 | Triage

Sharing

General

Target

c243278876573cbbcc050a9fb911164d_JaffaCakes118
Size

184KB
Sample

240826-et3hdsvama
MD5

c243278876573cbbcc050a9fb911164d
SHA1

993c2c616a666fa155c87cf24f80ad95b9bd84b1
SHA256

cfa9fc8db9ff8e27a9b1fca5b637df7a05b4ac357fe5d377b254a9b5d940ba84
SHA512

d61ab51ac9aee2938bf5cebd2f09864effb95f61f60b88164e34737ae0f77eb68eea2fd3350753d8a71f16143a4c0ca12c9a0d23d7e2ea84c2ed3a167b8a06ed
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3u:/7BSH8zUB+nGESaaRvoB7FJNndnP

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  c243278876573cbbcc050a9fb911164d_JaffaCakes118
- Size
  
  184KB
- MD5
  
  c243278876573cbbcc050a9fb911164d
- SHA1
  
  993c2c616a666fa155c87cf24f80ad95b9bd84b1
- SHA256
  
  cfa9fc8db9ff8e27a9b1fca5b637df7a05b4ac357fe5d377b254a9b5d940ba84
- SHA512
  
  d61ab51ac9aee2938bf5cebd2f09864effb95f61f60b88164e34737ae0f77eb68eea2fd3350753d8a71f16143a4c0ca12c9a0d23d7e2ea84c2ed3a167b8a06ed
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3u:/7BSH8zUB+nGESaaRvoB7FJNndnP
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution