4473904d0cc84ff8700aadd1b40eb51c28e50587a535ca8973eb6d2274256b2b | Triage

Sharing

General

Target

c2ae2d66faffdc0d13df6e94defa9637_JaffaCakes118
Size

6KB
Sample

240826-kzqzfawaqg
MD5

c2ae2d66faffdc0d13df6e94defa9637
SHA1

07ed5c9cada82d7b91df7830c296b04b46e3c378
SHA256

4473904d0cc84ff8700aadd1b40eb51c28e50587a535ca8973eb6d2274256b2b
SHA512

368458bb5628098e961dda8a641fc0fff8a048c2258990cfbe06e31c11ededc3ff485f15e9ea5474267373755a8c815aa6c43d8b441d67ed8efb7437af6c6b12
SSDEEP

96:2UJnedMkxtRIwHH7lm682mpDoiBwK1VRhZqUVT8kh50QzNt:JG1blm6YXWK1VRhZXV4khGy

Score

8^/10

execution

Malware Config

Targets

- Target
  
  c2ae2d66faffdc0d13df6e94defa9637_JaffaCakes118
- Size
  
  6KB
- MD5
  
  c2ae2d66faffdc0d13df6e94defa9637
- SHA1
  
  07ed5c9cada82d7b91df7830c296b04b46e3c378
- SHA256
  
  4473904d0cc84ff8700aadd1b40eb51c28e50587a535ca8973eb6d2274256b2b
- SHA512
  
  368458bb5628098e961dda8a641fc0fff8a048c2258990cfbe06e31c11ededc3ff485f15e9ea5474267373755a8c815aa6c43d8b441d67ed8efb7437af6c6b12
- SSDEEP
  
  96:2UJnedMkxtRIwHH7lm682mpDoiBwK1VRhZqUVT8kh50QzNt:JG1blm6YXWK1VRhZXV4khGy
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2