4011c1ff0499b113ddab626b1f240826095aba6d423b49bb7f42e6aecef8f5a1 | Triage

Sharing

General

Target

826e9f4ef3a8068d221387bbfccb4e47_JaffaCakes118
Size

184KB
Sample

241031-j9brtsvekr
MD5

826e9f4ef3a8068d221387bbfccb4e47
SHA1

366587ec6129f05f3004d07f6bcb369cfea83897
SHA256

4011c1ff0499b113ddab626b1f240826095aba6d423b49bb7f42e6aecef8f5a1
SHA512

b73d36235b60b8645b8ddd2d2419c0790bc8a755494acf7205a36f920b7a723fc98e0b83c1165e6d3c3814ef0c1e8dcdb96f2806e311eba83c123327791aab02
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3Q:/7BSH8zUB+nGESaaRvoB7FJNndnF

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  826e9f4ef3a8068d221387bbfccb4e47_JaffaCakes118
- Size
  
  184KB
- MD5
  
  826e9f4ef3a8068d221387bbfccb4e47
- SHA1
  
  366587ec6129f05f3004d07f6bcb369cfea83897
- SHA256
  
  4011c1ff0499b113ddab626b1f240826095aba6d423b49bb7f42e6aecef8f5a1
- SHA512
  
  b73d36235b60b8645b8ddd2d2419c0790bc8a755494acf7205a36f920b7a723fc98e0b83c1165e6d3c3814ef0c1e8dcdb96f2806e311eba83c123327791aab02
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3Q:/7BSH8zUB+nGESaaRvoB7FJNndnF
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution