Overview

overview

10

Static

static

10

33a0d480fb...18.ps1

windows7-x64

8

33a0d480fb...18.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33a0d480fba471d818f9b3a313f44bb2_JaffaCakes118

  • Size

    4KB

  • Sample

    240511-j6dr1sah26

  • MD5

    33a0d480fba471d818f9b3a313f44bb2

  • SHA1

    9ff5d1b8488e0425640bfe0b9cd4af87a43dd291

  • SHA256

    949265ab13d00d390f0c8d057b353e9bf1eb23a4a4cc581c69bee8301107e1de

  • SHA512

    c47a945bf20ff339d86e6ced75f389050ab318daae1658b8ca8fb8c9642866a43d076a5e194c4335bf69a7253bf107783743f6714650ea18d97e58a8e73ce939

  • SSDEEP

    48:p8lXq/rLRZ10SM8oxF83KEF5Vo76kxJTY4oZoR7usj1LURgCFzbpXlldGO:8Z7qg1jRWV

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://103.125.218.107/b2f627/svcupdate.exe
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/svcupdate.exe
exe.dropper

http://103.125.218.107/b2f627/config.json
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/config.json
exe.dropper

http://103.125.218.107/b2f627/svcworkmanager.exe
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/svcworkmanager.exe
exe.dropper

http://103.125.218.107/b2f627/newsvc.ps1
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/newsvc.ps1
exe.dropper

http://103.125.218.107/b2f627/svcguard.exe
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/svcguard.exe
exe.dropper

http://103.125.218.107/b2f627/clean.bat
exe.dropper

http://global.bitmex.com.de/b2f627fff19fda/clean.bat

Targets

    • Target

      33a0d480fba471d818f9b3a313f44bb2_JaffaCakes118

    • Size

      4KB

    • MD5

      33a0d480fba471d818f9b3a313f44bb2

    • SHA1

      9ff5d1b8488e0425640bfe0b9cd4af87a43dd291

    • SHA256

      949265ab13d00d390f0c8d057b353e9bf1eb23a4a4cc581c69bee8301107e1de

    • SHA512

      c47a945bf20ff339d86e6ced75f389050ab318daae1658b8ca8fb8c9642866a43d076a5e194c4335bf69a7253bf107783743f6714650ea18d97e58a8e73ce939

    • SSDEEP

      48:p8lXq/rLRZ10SM8oxF83KEF5Vo76kxJTY4oZoR7usj1LURgCFzbpXlldGO:8Z7qg1jRWV

    Score
    8/10
    execution

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks