def7aebec2427ff56ab6edfff905b80c80db038afbb0aed330679783a6749c37 | Triage

Sharing

General

Target

cf65058043dcd73e011735d68aecc01d_JaffaCakes118
Size

5.0MB
Sample

240906-m3qh7asdpm
MD5

cf65058043dcd73e011735d68aecc01d
SHA1

06e7f60b57b0cb1c681e51e30c1da5e4d4d6281a
SHA256

def7aebec2427ff56ab6edfff905b80c80db038afbb0aed330679783a6749c37
SHA512

7662ad7b0d343c3a64107f1647d60f1209e419c3e23ff6e66e890196369b6e7e2d2fd5baee156289a69885a6e2b6fd90063eefabf961f70a34a0f41f57d2f286
SSDEEP

98304:n5aFGOjWOHT3XxsiqtSMp8DBcSJzBrJRRt75lXGuoNjH0UkbGowpt6:n5aFGOjdHFsiKRp8uSpBPH72usIbGoq6

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  cf65058043dcd73e011735d68aecc01d_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  cf65058043dcd73e011735d68aecc01d
- SHA1
  
  06e7f60b57b0cb1c681e51e30c1da5e4d4d6281a
- SHA256
  
  def7aebec2427ff56ab6edfff905b80c80db038afbb0aed330679783a6749c37
- SHA512
  
  7662ad7b0d343c3a64107f1647d60f1209e419c3e23ff6e66e890196369b6e7e2d2fd5baee156289a69885a6e2b6fd90063eefabf961f70a34a0f41f57d2f286
- SSDEEP
  
  98304:n5aFGOjWOHT3XxsiqtSMp8DBcSJzBrJRRt75lXGuoNjH0UkbGowpt6:n5aFGOjdHFsiKRp8uSpBPH72usIbGoq6
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution