6e40f381f829b53ca5cc827578a26d46e45cd181be3b0d25afbd2871ca6fc138 | Triage

Sharing

General

Target

44c168ce26509745482353631b69a718_JaffaCakes118
Size

2KB
Sample

240515-gddkfabh86
MD5

44c168ce26509745482353631b69a718
SHA1

961d144d6fe698db689933e25918d627bf322f7f
SHA256

6e40f381f829b53ca5cc827578a26d46e45cd181be3b0d25afbd2871ca6fc138
SHA512

28d37ad9c306447cac0446be5f6b65bd4bd6df3c9b204aa30c662e1329c6579cccbaf2ceb49654d7c309cccad3723263aef980f6fe38bd1be7f4229e018350c2

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://bit.do/eUUj6

Targets

- Target
  
  44c168ce26509745482353631b69a718_JaffaCakes118
- Size
  
  2KB
- MD5
  
  44c168ce26509745482353631b69a718
- SHA1
  
  961d144d6fe698db689933e25918d627bf322f7f
- SHA256
  
  6e40f381f829b53ca5cc827578a26d46e45cd181be3b0d25afbd2871ca6fc138
- SHA512
  
  28d37ad9c306447cac0446be5f6b65bd4bd6df3c9b204aa30c662e1329c6579cccbaf2ceb49654d7c309cccad3723263aef980f6fe38bd1be7f4229e018350c2
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2