b7f3a44e8b8afd5bb85782b9c1c875e313e75ce33eda1a40888c633bbd2b19e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d56ed1c935a4f79012653b6539a7fd21_JaffaCakes118
Size

184KB
Sample

240909-bqqgwavdmm
MD5

d56ed1c935a4f79012653b6539a7fd21
SHA1

498e0ee91e7196c1fdb16609099c58d99f2115ed
SHA256

b7f3a44e8b8afd5bb85782b9c1c875e313e75ce33eda1a40888c633bbd2b19e2
SHA512

68860ccadd3bfe46523f794e163db8575de8e5fb0b658f826dc409b0a83ae35adbb52ef9b2e8446ee73d9c45d1541e0bb529138851cc8d88218c5a16bd8eb27d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3j:/7BSH8zUB+nGESaaRvoB7FJNndnS

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  d56ed1c935a4f79012653b6539a7fd21_JaffaCakes118
- Size
  
  184KB
- MD5
  
  d56ed1c935a4f79012653b6539a7fd21
- SHA1
  
  498e0ee91e7196c1fdb16609099c58d99f2115ed
- SHA256
  
  b7f3a44e8b8afd5bb85782b9c1c875e313e75ce33eda1a40888c633bbd2b19e2
- SHA512
  
  68860ccadd3bfe46523f794e163db8575de8e5fb0b658f826dc409b0a83ae35adbb52ef9b2e8446ee73d9c45d1541e0bb529138851cc8d88218c5a16bd8eb27d
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3j:/7BSH8zUB+nGESaaRvoB7FJNndnS
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution