5cf4f691c96cd213b28b8a3abcdbad1ef86b2a0fe6643cb71b215a5461517c08 | Triage

Sharing

General

Target

d27766389a6a0e6f00ec4c0e15b78477_JaffaCakes118
Size

184KB
Sample

240907-v1626avgrp
MD5

d27766389a6a0e6f00ec4c0e15b78477
SHA1

d3193077003490491b451ccc325a939943ab1c00
SHA256

5cf4f691c96cd213b28b8a3abcdbad1ef86b2a0fe6643cb71b215a5461517c08
SHA512

7a7fef6d4d0bd8050e28397b05da8239abe39e56ab56843971c18f6d6d76d139aece8630743fec0ac5eac9b8040596e223a73502be1598f3aa8bc6f09dc8dcc1
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3hK:/7BSH8zUB+nGESaaRvoB7FJNndnwK

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  d27766389a6a0e6f00ec4c0e15b78477_JaffaCakes118
- Size
  
  184KB
- MD5
  
  d27766389a6a0e6f00ec4c0e15b78477
- SHA1
  
  d3193077003490491b451ccc325a939943ab1c00
- SHA256
  
  5cf4f691c96cd213b28b8a3abcdbad1ef86b2a0fe6643cb71b215a5461517c08
- SHA512
  
  7a7fef6d4d0bd8050e28397b05da8239abe39e56ab56843971c18f6d6d76d139aece8630743fec0ac5eac9b8040596e223a73502be1598f3aa8bc6f09dc8dcc1
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3hK:/7BSH8zUB+nGESaaRvoB7FJNndnwK
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution