b3dc4afc3b5d4c239fc854e85da13063b45898fb7ddc1cee01cb316f4a5f9b9b | Triage

Sharing

General

Target

fca7e89b4a4cf615f84895dc9b68cd73_JaffaCakes118
Size

184KB
Sample

240928-th1lzsxaph
MD5

fca7e89b4a4cf615f84895dc9b68cd73
SHA1

b62def6d271a4c136e99c147b0a86a85f6bdb464
SHA256

b3dc4afc3b5d4c239fc854e85da13063b45898fb7ddc1cee01cb316f4a5f9b9b
SHA512

600a8af1fba5bd6646776953ef01a0453ac7062085b703dc572e95993a958338f59784eae63fb6efa0686544b3395063b647f25ca85c348f150c87aa3dd74cbc
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3x:/7BSH8zUB+nGESaaRvoB7FJNndnc

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  fca7e89b4a4cf615f84895dc9b68cd73_JaffaCakes118
- Size
  
  184KB
- MD5
  
  fca7e89b4a4cf615f84895dc9b68cd73
- SHA1
  
  b62def6d271a4c136e99c147b0a86a85f6bdb464
- SHA256
  
  b3dc4afc3b5d4c239fc854e85da13063b45898fb7ddc1cee01cb316f4a5f9b9b
- SHA512
  
  600a8af1fba5bd6646776953ef01a0453ac7062085b703dc572e95993a958338f59784eae63fb6efa0686544b3395063b647f25ca85c348f150c87aa3dd74cbc
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3x:/7BSH8zUB+nGESaaRvoB7FJNndnc
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution