ad9830b60490a4576b35e12258d71060881a8dfb6f3d3c4653262d13fc9c5b34 | Triage

Sharing

General

Target

ffdd3dd2b9df472fe22273e6ab861f4d_JaffaCakes118
Size

184KB
Sample

240930-dzkdbszepe
MD5

ffdd3dd2b9df472fe22273e6ab861f4d
SHA1

29f6a87adfc251212c74424c895376f1f8680c30
SHA256

ad9830b60490a4576b35e12258d71060881a8dfb6f3d3c4653262d13fc9c5b34
SHA512

e6b2aea6850bcd22d591f89f484babd4f7c713f5232049414510e8e8fa859a06ecad2e93ce971ffeeba499b295a50943a25b98eb0755f8c2d85cd1beeb67ed01
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3D:/7BSH8zUB+nGESaaRvoB7FJNndnS

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  ffdd3dd2b9df472fe22273e6ab861f4d_JaffaCakes118
- Size
  
  184KB
- MD5
  
  ffdd3dd2b9df472fe22273e6ab861f4d
- SHA1
  
  29f6a87adfc251212c74424c895376f1f8680c30
- SHA256
  
  ad9830b60490a4576b35e12258d71060881a8dfb6f3d3c4653262d13fc9c5b34
- SHA512
  
  e6b2aea6850bcd22d591f89f484babd4f7c713f5232049414510e8e8fa859a06ecad2e93ce971ffeeba499b295a50943a25b98eb0755f8c2d85cd1beeb67ed01
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3D:/7BSH8zUB+nGESaaRvoB7FJNndnS
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution