9a9e4919f1185214c0f75050a04d5c6d8ed0a10851a29096dbe13b4c1495225e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16fcea378d2b978e09b4248aff84e4c2_JaffaCakes118
Size

3KB
Sample

240505-k8nknsde6t
MD5

16fcea378d2b978e09b4248aff84e4c2
SHA1

31c076693fcbce870fe3746c487bf5fa9cb7d489
SHA256

9a9e4919f1185214c0f75050a04d5c6d8ed0a10851a29096dbe13b4c1495225e
SHA512

6ab038f62acc1d456829d6ecda8fcfb8190f64da0f0e113220f592fdc5508248326bcd8eae667d9df9e8646cca1ee4fcc1c1d9e92567e7e7601d4f7c3644e4c0

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://nocs.com.br/wp-content/themes/cake/md2.php

Targets

- Target
  
  16fcea378d2b978e09b4248aff84e4c2_JaffaCakes118
- Size
  
  3KB
- MD5
  
  16fcea378d2b978e09b4248aff84e4c2
- SHA1
  
  31c076693fcbce870fe3746c487bf5fa9cb7d489
- SHA256
  
  9a9e4919f1185214c0f75050a04d5c6d8ed0a10851a29096dbe13b4c1495225e
- SHA512
  
  6ab038f62acc1d456829d6ecda8fcfb8190f64da0f0e113220f592fdc5508248326bcd8eae667d9df9e8646cca1ee4fcc1c1d9e92567e7e7601d4f7c3644e4c0
Score

10^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2