6fa679b595a6942226944f98077bbe75040a77db3b1c5ebdac4542ecad57bfbc | Triage

Sharing

General

Target

ffda87ae8127e7b6b061ac1f9c589d16_JaffaCakes118
Size

134KB
Sample

240421-wn1kaagh5s
MD5

ffda87ae8127e7b6b061ac1f9c589d16
SHA1

5f379ba6b0adb0427c7a7d8c4f6b12da1d7b762e
SHA256

6fa679b595a6942226944f98077bbe75040a77db3b1c5ebdac4542ecad57bfbc
SHA512

be0714eb1274796066a1551ef92aaf55616976192ad600903923243b8748a2b8dd48e4b671d3d2492316e152353849fbdfdb4bcb63c162293be1500be112cbe9
SSDEEP

3072:RzRuF0zvbCqAwEu/SnpfEUKDmcjedPObLTw/E9Xuqq0UaijPsJjxsQM:RzRuF0zvbCqAwEu/SnpfJKDmcj7bRuRR

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://asesoriasconfood.com.co/magazine/magazine.php

Targets

- Target
  
  ffda87ae8127e7b6b061ac1f9c589d16_JaffaCakes118
- Size
  
  134KB
- MD5
  
  ffda87ae8127e7b6b061ac1f9c589d16
- SHA1
  
  5f379ba6b0adb0427c7a7d8c4f6b12da1d7b762e
- SHA256
  
  6fa679b595a6942226944f98077bbe75040a77db3b1c5ebdac4542ecad57bfbc
- SHA512
  
  be0714eb1274796066a1551ef92aaf55616976192ad600903923243b8748a2b8dd48e4b671d3d2492316e152353849fbdfdb4bcb63c162293be1500be112cbe9
- SSDEEP
  
  3072:RzRuF0zvbCqAwEu/SnpfEUKDmcjedPObLTw/E9Xuqq0UaijPsJjxsQM:RzRuF0zvbCqAwEu/SnpfJKDmcj7bRuRR
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2