ea589edfd9afe9e464f2c5c40de417c48640ee69569f76da742aefc0970ba50d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef001ab659c0aa484bf05ba4542b11a2_JaffaCakes118
Size

184KB
Sample

240921-d78qwstcnl
MD5

ef001ab659c0aa484bf05ba4542b11a2
SHA1

eca88643f50a2cf8c3c8ca40372bf6782c28508b
SHA256

ea589edfd9afe9e464f2c5c40de417c48640ee69569f76da742aefc0970ba50d
SHA512

4fe63cc0db710cc8a22c071adc50ec8833106468a4c8a0c1d75c71474fe811b7ecb6b5cdc64a6f9e355108b8374e70176133f78c4e26a80d39d2d1a4963e41bd
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3s:/7BSH8zUB+nGESaaRvoB7FJNndnF

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  ef001ab659c0aa484bf05ba4542b11a2_JaffaCakes118
- Size
  
  184KB
- MD5
  
  ef001ab659c0aa484bf05ba4542b11a2
- SHA1
  
  eca88643f50a2cf8c3c8ca40372bf6782c28508b
- SHA256
  
  ea589edfd9afe9e464f2c5c40de417c48640ee69569f76da742aefc0970ba50d
- SHA512
  
  4fe63cc0db710cc8a22c071adc50ec8833106468a4c8a0c1d75c71474fe811b7ecb6b5cdc64a6f9e355108b8374e70176133f78c4e26a80d39d2d1a4963e41bd
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3s:/7BSH8zUB+nGESaaRvoB7FJNndnF
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution