b3056c449dafe32a7546e3ded8d11967262415b0625d7e8870901f66fcdb3a95 | Triage

Sharing

General

Target

faaa0eeb61294a96446a35d917a0cdaa_JaffaCakes118
Size

184KB
Sample

240927-sya6la1hlb
MD5

faaa0eeb61294a96446a35d917a0cdaa
SHA1

3721b35068748aa18f47bb29acfe539b5f8ec091
SHA256

b3056c449dafe32a7546e3ded8d11967262415b0625d7e8870901f66fcdb3a95
SHA512

5ef3e906f3889532eac37f10f322317ad5918f81e3081e5db424c6585c9d2cfa5e25edac62ee1c7467f7e932a73c14d37e0541a14dbf4eaaefa1367732120190
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3c:/7BSH8zUB+nGESaaRvoB7FJNndnB

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  faaa0eeb61294a96446a35d917a0cdaa_JaffaCakes118
- Size
  
  184KB
- MD5
  
  faaa0eeb61294a96446a35d917a0cdaa
- SHA1
  
  3721b35068748aa18f47bb29acfe539b5f8ec091
- SHA256
  
  b3056c449dafe32a7546e3ded8d11967262415b0625d7e8870901f66fcdb3a95
- SHA512
  
  5ef3e906f3889532eac37f10f322317ad5918f81e3081e5db424c6585c9d2cfa5e25edac62ee1c7467f7e932a73c14d37e0541a14dbf4eaaefa1367732120190
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3c:/7BSH8zUB+nGESaaRvoB7FJNndnB
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution