3930449b4149acb64fbe41b5ff4c58046881472b2f0e9cd2bdf465f31209b8e8 | Triage

Sharing

General

Target

68c12af2cfbacf4ff33f6dfaffac037a_JaffaCakes118
Size

25KB
Sample

240522-1qhjpsab21
MD5

68c12af2cfbacf4ff33f6dfaffac037a
SHA1

a913509bd44da40de1170fbce7e9e4f616fb8578
SHA256

3930449b4149acb64fbe41b5ff4c58046881472b2f0e9cd2bdf465f31209b8e8
SHA512

4cc67da7337afe8ed4b2dda25e9378565c00f897226cf954a57ca3b6c240c2e0aabd7460a787a07c7b6a60a5998b6d9447d6196f25c2a934d306efcb12ca2f6d
SSDEEP

768:rqv/II5lrephx35mPGjHiN4kOCOa2PpZiXlWKaaGPRgzh5:rqv/TSHajH

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://92.63.197.60/c.exe?RioM

Targets

- Target
  
  68c12af2cfbacf4ff33f6dfaffac037a_JaffaCakes118
- Size
  
  25KB
- MD5
  
  68c12af2cfbacf4ff33f6dfaffac037a
- SHA1
  
  a913509bd44da40de1170fbce7e9e4f616fb8578
- SHA256
  
  3930449b4149acb64fbe41b5ff4c58046881472b2f0e9cd2bdf465f31209b8e8
- SHA512
  
  4cc67da7337afe8ed4b2dda25e9378565c00f897226cf954a57ca3b6c240c2e0aabd7460a787a07c7b6a60a5998b6d9447d6196f25c2a934d306efcb12ca2f6d
- SSDEEP
  
  768:rqv/II5lrephx35mPGjHiN4kOCOa2PpZiXlWKaaGPRgzh5:rqv/TSHajH
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2