b6fdedabcb1a27254c08b6db8b89347ac6880af3793e64671f46a7afb769c186 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd0ef82c890b7a28dd5502ba2603e3d7_JaffaCakes118
Size

184KB
Sample

240928-yypa4sxcqe
MD5

fd0ef82c890b7a28dd5502ba2603e3d7
SHA1

489e92d5f835907facd1588ed9b328f63b9e1555
SHA256

b6fdedabcb1a27254c08b6db8b89347ac6880af3793e64671f46a7afb769c186
SHA512

a1c9ce6ee42e01a04bc6aeaf965fa0c117f4f7abb265fa5d07cb4e0951e3e8c4257bf696169ffa77912603742580dddc1f87986c1023ef6b3d8910d8e24a4f7d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3CS:/7BSH8zUB+nGESaaRvoB7FJNndnA

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  fd0ef82c890b7a28dd5502ba2603e3d7_JaffaCakes118
- Size
  
  184KB
- MD5
  
  fd0ef82c890b7a28dd5502ba2603e3d7
- SHA1
  
  489e92d5f835907facd1588ed9b328f63b9e1555
- SHA256
  
  b6fdedabcb1a27254c08b6db8b89347ac6880af3793e64671f46a7afb769c186
- SHA512
  
  a1c9ce6ee42e01a04bc6aeaf965fa0c117f4f7abb265fa5d07cb4e0951e3e8c4257bf696169ffa77912603742580dddc1f87986c1023ef6b3d8910d8e24a4f7d
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3CS:/7BSH8zUB+nGESaaRvoB7FJNndnA
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution