83fb87fab05eccf6f8685c5e1e4c868f1e4ec51c4366cba4502682fcbae4aa4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17ddbb5f32e5f95dd681fd0675c2e927_JaffaCakes118
Size

681B
Sample

240505-qlqz6sbb21
MD5

17ddbb5f32e5f95dd681fd0675c2e927
SHA1

66901a29484e14bdcbf5fe8ed3b8e308e1c56217
SHA256

83fb87fab05eccf6f8685c5e1e4c868f1e4ec51c4366cba4502682fcbae4aa4a
SHA512

1d74ac6cce00735c4d040b482829996ee4d7bde48f9a58b79a524dd8d251fbd03a19f9393fc444db5f83ec6712f0a8b95a437083fc6e9ee1e564f5c40f7f0f41

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://urcamn.onedumb.com/v106?d7it39IFK

Targets

- Target
  
  Protestos.pdf.lnk
- Size
  
  1KB
- MD5
  
  37e35ded5b677bd4cf584bb9b820afb5
- SHA1
  
  5d9f3f1e211e78dc1463b41b66c5d92ad221c4b4
- SHA256
  
  6e313cb3f3f3b4f275261b85ffba6a5534fe421a605263d2390382038bebec4c
- SHA512
  
  9925e9e60c76f83257b5df326d044e620c16e70f8adec503b4a9f26c49ef9eeba923f51af46cb1175e1489c56e4daed2defba939dbe235f8f8ee32baa0a7c0e7
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2