65eeb7555fce81d1b0b4a768ec4edde4f109ec284aed45a2c5ef19f8dc6c7c47 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fafdb22ccf79885a6a78acc42be46237_JaffaCakes118
Size

918B
Sample

240419-xzzykadb44
MD5

fafdb22ccf79885a6a78acc42be46237
SHA1

6b12ddd6033f7b3abb07b6783b83700aeb6bae4d
SHA256

65eeb7555fce81d1b0b4a768ec4edde4f109ec284aed45a2c5ef19f8dc6c7c47
SHA512

9e5944acbcf5fe7df61a4714e183990c7dff4657cb4b90539cc38a6bca8f116014614d7029f2a60d06487818e813dcbbd954a0272e16658e4c7f48fdd2d056ce

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://0xcoin.org/test.jpg

Targets

- Target
  
  fafdb22ccf79885a6a78acc42be46237_JaffaCakes118
- Size
  
  918B
- MD5
  
  fafdb22ccf79885a6a78acc42be46237
- SHA1
  
  6b12ddd6033f7b3abb07b6783b83700aeb6bae4d
- SHA256
  
  65eeb7555fce81d1b0b4a768ec4edde4f109ec284aed45a2c5ef19f8dc6c7c47
- SHA512
  
  9e5944acbcf5fe7df61a4714e183990c7dff4657cb4b90539cc38a6bca8f116014614d7029f2a60d06487818e813dcbbd954a0272e16658e4c7f48fdd2d056ce
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2