ab1c54b92d411e7c51f5d45651ef9ab52b3897f0f63d565b9ff8ce7dc4047c0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6b7aa2f86d9cbcea9d7c99762a94a0e_JaffaCakes118
Size

184KB
Sample

240925-yarrbsxamd
MD5

f6b7aa2f86d9cbcea9d7c99762a94a0e
SHA1

9ec1599eaf5cc4a74aa8f2f158be768a045d5661
SHA256

ab1c54b92d411e7c51f5d45651ef9ab52b3897f0f63d565b9ff8ce7dc4047c0b
SHA512

074c08c00727235bd6ed24e2dbbf7d9f8b72bbaffd8a7ac4d175ec35881bd2821ea0e947a8bcfbe7a8aae3cc98868a6c66aa870e5f5fc1a0aa99f775713559fb
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO38L:/7BSH8zUB+nGESaaRvoB7FJNndnN

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  f6b7aa2f86d9cbcea9d7c99762a94a0e_JaffaCakes118
- Size
  
  184KB
- MD5
  
  f6b7aa2f86d9cbcea9d7c99762a94a0e
- SHA1
  
  9ec1599eaf5cc4a74aa8f2f158be768a045d5661
- SHA256
  
  ab1c54b92d411e7c51f5d45651ef9ab52b3897f0f63d565b9ff8ce7dc4047c0b
- SHA512
  
  074c08c00727235bd6ed24e2dbbf7d9f8b72bbaffd8a7ac4d175ec35881bd2821ea0e947a8bcfbe7a8aae3cc98868a6c66aa870e5f5fc1a0aa99f775713559fb
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO38L:/7BSH8zUB+nGESaaRvoB7FJNndnN
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution