bdc65e383834163e8c493ccced8b96eac6412d28051c8665fe3663e0ebadf782 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d846a90666124e6271b359dba466e25_JaffaCakes118
Size

6.0MB
Sample

240502-e717gsba92
MD5

0d846a90666124e6271b359dba466e25
SHA1

26b8d72548989fbbcfaf23c3085dd7256ee2b613
SHA256

bdc65e383834163e8c493ccced8b96eac6412d28051c8665fe3663e0ebadf782
SHA512

540e3dcb31ade85b2f3ad0136b1caf5adb3809493019882afdcf224ce9cb0683f479fee5cecf08d00099d9a1a3e4c37b8434b192c6c1283fa41b3a7bc32fb7c8
SSDEEP

98304:DHgUXO2N/VeEOKcOk3XyPqPLyJKS4J3R4ZImfJwW+8PJp/ZAOBvAYM0soJFgn/bK:DNVN9eEY9jaK9wumxwfG7Z9lLsoJFgne

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://goo.gl/v5D4FL

Targets

- Target
  
  0d846a90666124e6271b359dba466e25_JaffaCakes118
- Size
  
  6.0MB
- MD5
  
  0d846a90666124e6271b359dba466e25
- SHA1
  
  26b8d72548989fbbcfaf23c3085dd7256ee2b613
- SHA256
  
  bdc65e383834163e8c493ccced8b96eac6412d28051c8665fe3663e0ebadf782
- SHA512
  
  540e3dcb31ade85b2f3ad0136b1caf5adb3809493019882afdcf224ce9cb0683f479fee5cecf08d00099d9a1a3e4c37b8434b192c6c1283fa41b3a7bc32fb7c8
- SSDEEP
  
  98304:DHgUXO2N/VeEOKcOk3XyPqPLyJKS4J3R4ZImfJwW+8PJp/ZAOBvAYM0soJFgn/bK:DNVN9eEY9jaK9wumxwfG7Z9lLsoJFgne
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2