d2738b431897d289afa8accc0cfb5867995e443ecccac6fdc195b3c1dee7c8f9 | Triage

Sharing

General

Target

efbe63a9f85ddcfbe7e07aa84f8e78c5_JaffaCakes118
Size

1.9MB
Sample

240921-n471as1epk
MD5

efbe63a9f85ddcfbe7e07aa84f8e78c5
SHA1

b1bf45b604ccb555d778993f93bc414a7e050fc9
SHA256

d2738b431897d289afa8accc0cfb5867995e443ecccac6fdc195b3c1dee7c8f9
SHA512

061a1fb171120146cc3a9d1fec27087ce4d518899fffc2b6f73c298db9fa8efdb0078927ae2bb955709d720cbe66d0b3ba504f2d0c70fb5cc508d1e83807ccc0
SSDEEP

24576:3zuRNyMlBacw/uPmT/ckk+5R6553giCAwqm9Sq9BG4jGKatZneRcd78IJhWeqPDE:3Gm/nTa3GjB//kZneRe8I7FcWq2

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  efbe63a9f85ddcfbe7e07aa84f8e78c5_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  efbe63a9f85ddcfbe7e07aa84f8e78c5
- SHA1
  
  b1bf45b604ccb555d778993f93bc414a7e050fc9
- SHA256
  
  d2738b431897d289afa8accc0cfb5867995e443ecccac6fdc195b3c1dee7c8f9
- SHA512
  
  061a1fb171120146cc3a9d1fec27087ce4d518899fffc2b6f73c298db9fa8efdb0078927ae2bb955709d720cbe66d0b3ba504f2d0c70fb5cc508d1e83807ccc0
- SSDEEP
  
  24576:3zuRNyMlBacw/uPmT/ckk+5R6553giCAwqm9Sq9BG4jGKatZneRcd78IJhWeqPDE:3Gm/nTa3GjB//kZneRe8I7FcWq2
Score

8^/10

discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2