1c8165612c4cb7fe56d0d6966c7a5cc5d2025f8cd205da5ee66b11de1e693e0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3026acd351adb9564b7e16aba89fca08_JaffaCakes118
Size

184KB
Sample

241010-qytltsyaqa
MD5

3026acd351adb9564b7e16aba89fca08
SHA1

d68cbd672ffc8657cf4f14f9a6f51c538f51f462
SHA256

1c8165612c4cb7fe56d0d6966c7a5cc5d2025f8cd205da5ee66b11de1e693e0f
SHA512

f230cf295c2b3d73d39c582ddc81c83471b0db5a0b290b55ddcb38cda320a571ccb643668a46ad03078d7af702b50d06b21b699515f4961fceee44fa4066cc3f
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3R:/7BSH8zUB+nGESaaRvoB7FJNndnw

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  3026acd351adb9564b7e16aba89fca08_JaffaCakes118
- Size
  
  184KB
- MD5
  
  3026acd351adb9564b7e16aba89fca08
- SHA1
  
  d68cbd672ffc8657cf4f14f9a6f51c538f51f462
- SHA256
  
  1c8165612c4cb7fe56d0d6966c7a5cc5d2025f8cd205da5ee66b11de1e693e0f
- SHA512
  
  f230cf295c2b3d73d39c582ddc81c83471b0db5a0b290b55ddcb38cda320a571ccb643668a46ad03078d7af702b50d06b21b699515f4961fceee44fa4066cc3f
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3R:/7BSH8zUB+nGESaaRvoB7FJNndnw
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution