b71878dd0b3115d0e0e3a44236f07e8ffc6d7f879c296ea49ea3c900efa5344d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b1ca95c7a25652422d61aa53c17172b_JaffaCakes118
Size

24KB
Sample

240501-fpt6wsag48
MD5

0b1ca95c7a25652422d61aa53c17172b
SHA1

a93e6270ad5119952c2c74a856eb155be0aa5a7c
SHA256

b71878dd0b3115d0e0e3a44236f07e8ffc6d7f879c296ea49ea3c900efa5344d
SHA512

aed8fef2f68b8b55c735e2e56dae98921d4e602cf43b445718e6c11ac957e603625cb0df75a3af02f9f6d3ab76a72e1b469fb12acad36de04cef35e6d8cb933f
SSDEEP

192:gkdq7IHx3i3W81tQEAavaRw5YIN/6J5xL2wGNzODsrOWyy:gkdqiBm3y9Y6FLGcDsKWyy

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://perkinazo.at/payload.php

Targets

- Target
  
  0b1ca95c7a25652422d61aa53c17172b_JaffaCakes118
- Size
  
  24KB
- MD5
  
  0b1ca95c7a25652422d61aa53c17172b
- SHA1
  
  a93e6270ad5119952c2c74a856eb155be0aa5a7c
- SHA256
  
  b71878dd0b3115d0e0e3a44236f07e8ffc6d7f879c296ea49ea3c900efa5344d
- SHA512
  
  aed8fef2f68b8b55c735e2e56dae98921d4e602cf43b445718e6c11ac957e603625cb0df75a3af02f9f6d3ab76a72e1b469fb12acad36de04cef35e6d8cb933f
- SSDEEP
  
  192:gkdq7IHx3i3W81tQEAavaRw5YIN/6J5xL2wGNzODsrOWyy:gkdqiBm3y9Y6FLGcDsKWyy
Score

10^/10

evasion trojan
- Windows security bypass
  evasion trojan
- Deletes itself
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2