e8efd9ac56eb6ec024fbbe807d2f54cc948df8e155d207295e2247fd7e772fef | Triage

Sharing

General

Target

2c9084197915b9262bff92ade6f45c54_JaffaCakes118
Size

3KB
Sample

240510-bccnvshd5v
MD5

2c9084197915b9262bff92ade6f45c54
SHA1

2892e70f508dfe06a9815170fc7973e9e2ef51c7
SHA256

e8efd9ac56eb6ec024fbbe807d2f54cc948df8e155d207295e2247fd7e772fef
SHA512

415ac4f818ee8780fcf71d7318d621598b92b78113f3c65e2e2cb9a2f910ebfc80e6ecf5658406eb58bea0ca1c483ed8bc9aa2433c50d38825087eedfe18b51a

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://agenziapetra.com/img/md2.php

Targets

- Target
  
  2c9084197915b9262bff92ade6f45c54_JaffaCakes118
- Size
  
  3KB
- MD5
  
  2c9084197915b9262bff92ade6f45c54
- SHA1
  
  2892e70f508dfe06a9815170fc7973e9e2ef51c7
- SHA256
  
  e8efd9ac56eb6ec024fbbe807d2f54cc948df8e155d207295e2247fd7e772fef
- SHA512
  
  415ac4f818ee8780fcf71d7318d621598b92b78113f3c65e2e2cb9a2f910ebfc80e6ecf5658406eb58bea0ca1c483ed8bc9aa2433c50d38825087eedfe18b51a
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2