0bde60ccc60a94db9d184e5a7b29b8b42df7756e3e8601afac1d34f7132539c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03e1ac5d4a4dbaa529a6073a2deeffcb_JaffaCakes118
Size

184KB
Sample

241001-brzf6stfqm
MD5

03e1ac5d4a4dbaa529a6073a2deeffcb
SHA1

a3ba5b25a101e0c6d8bd51ddee4edd5aa9724c79
SHA256

0bde60ccc60a94db9d184e5a7b29b8b42df7756e3e8601afac1d34f7132539c7
SHA512

e6a3cbcda439d6afb4a55d779554e9b006e428fdc0dd80c2e72a951088752435df3e1a10a5e76a0a4dc532b6d4e45bc7cfa45e7073478aa80dbb7cf4a4ddce76
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3m:/7BSH8zUB+nGESaaRvoB7FJNndnH

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  03e1ac5d4a4dbaa529a6073a2deeffcb_JaffaCakes118
- Size
  
  184KB
- MD5
  
  03e1ac5d4a4dbaa529a6073a2deeffcb
- SHA1
  
  a3ba5b25a101e0c6d8bd51ddee4edd5aa9724c79
- SHA256
  
  0bde60ccc60a94db9d184e5a7b29b8b42df7756e3e8601afac1d34f7132539c7
- SHA512
  
  e6a3cbcda439d6afb4a55d779554e9b006e428fdc0dd80c2e72a951088752435df3e1a10a5e76a0a4dc532b6d4e45bc7cfa45e7073478aa80dbb7cf4a4ddce76
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3m:/7BSH8zUB+nGESaaRvoB7FJNndnH
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution