aa601e2f573673b356e32801d7b0937995d61005688365ea5392576a4eb2fc63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0277d08b9177211de9addc98267d498_JaffaCakes118
Size

184KB
Sample

240914-pbskkssgkk
MD5

e0277d08b9177211de9addc98267d498
SHA1

ff9ce14465ac8866fddf98730d15550b15ede34f
SHA256

aa601e2f573673b356e32801d7b0937995d61005688365ea5392576a4eb2fc63
SHA512

43ee40d6e076d4adbf187508b98f503a0730c8cb8100debb15e18db99aadf3492dba06cf1716e23eea8714ce7ec1428d55674943845fd3e5f056cc502dceae7f
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3I:/7BSH8zUB+nGESaaRvoB7FJNndnp

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  e0277d08b9177211de9addc98267d498_JaffaCakes118
- Size
  
  184KB
- MD5
  
  e0277d08b9177211de9addc98267d498
- SHA1
  
  ff9ce14465ac8866fddf98730d15550b15ede34f
- SHA256
  
  aa601e2f573673b356e32801d7b0937995d61005688365ea5392576a4eb2fc63
- SHA512
  
  43ee40d6e076d4adbf187508b98f503a0730c8cb8100debb15e18db99aadf3492dba06cf1716e23eea8714ce7ec1428d55674943845fd3e5f056cc502dceae7f
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3I:/7BSH8zUB+nGESaaRvoB7FJNndnp
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution