9c36c4c116ef160ea8b88193721643a2f6e0140ea2aaad0e6e9156d963f27a44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fac005f5b1f7803bf46f50697b0b3a4e_JaffaCakes118
Size

1.3MB
Sample

240927-tzvgastfng
MD5

fac005f5b1f7803bf46f50697b0b3a4e
SHA1

063776ad1353d745c4b47816798838ce13a37ac4
SHA256

9c36c4c116ef160ea8b88193721643a2f6e0140ea2aaad0e6e9156d963f27a44
SHA512

879ed5e65a0a4ad96304edc52267c76b69a217febb415898e268edda055ccac37a9e3a552fa9ef1db82e8a4c8e78145b0ff4969ba67b5f0e371f42d2a8e416ad
SSDEEP

24576:I1uoD1R9FlL8BKJliZPmMyzbx9WoGgflrGALZwxip:I1cFmMy0er9LYy

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  fac005f5b1f7803bf46f50697b0b3a4e_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  fac005f5b1f7803bf46f50697b0b3a4e
- SHA1
  
  063776ad1353d745c4b47816798838ce13a37ac4
- SHA256
  
  9c36c4c116ef160ea8b88193721643a2f6e0140ea2aaad0e6e9156d963f27a44
- SHA512
  
  879ed5e65a0a4ad96304edc52267c76b69a217febb415898e268edda055ccac37a9e3a552fa9ef1db82e8a4c8e78145b0ff4969ba67b5f0e371f42d2a8e416ad
- SSDEEP
  
  24576:I1uoD1R9FlL8BKJliZPmMyzbx9WoGgflrGALZwxip:I1cFmMy0er9LYy
Score

8^/10

discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2