2d668c77647badbfe7111d008e5a4cef804a63778b123b4f1ac7342562bf7d91 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d084b0d37366f840a0d3a499960537ed_JaffaCakes118
Size

184KB
Sample

240906-1qwfkazekg
MD5

d084b0d37366f840a0d3a499960537ed
SHA1

6cd61b82f3d9a8bc7bdd67c83578f7de983d5d82
SHA256

2d668c77647badbfe7111d008e5a4cef804a63778b123b4f1ac7342562bf7d91
SHA512

d2a141ffeeefd6816cd69001398dfeb96c980ea403562d6e50a5ec6453e4f2475f355ea2e4c0b56406689b3d06497f0bf59e3187d8c84e959377297f77995f4d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3h:/7BSH8zUB+nGESaaRvoB7FJNndn4

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  d084b0d37366f840a0d3a499960537ed_JaffaCakes118
- Size
  
  184KB
- MD5
  
  d084b0d37366f840a0d3a499960537ed
- SHA1
  
  6cd61b82f3d9a8bc7bdd67c83578f7de983d5d82
- SHA256
  
  2d668c77647badbfe7111d008e5a4cef804a63778b123b4f1ac7342562bf7d91
- SHA512
  
  d2a141ffeeefd6816cd69001398dfeb96c980ea403562d6e50a5ec6453e4f2475f355ea2e4c0b56406689b3d06497f0bf59e3187d8c84e959377297f77995f4d
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3h:/7BSH8zUB+nGESaaRvoB7FJNndn4
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution