cd1d05c4c3a0c3dca7393896d2bd39b9ec9f42314d88e69589714aaa2b5a4a03 | Triage

Sharing

General

Target

658adc3d89fe4416f65c75a064934f4f_JaffaCakes118
Size

904B
Sample

240522-bzwegsgd3v
MD5

658adc3d89fe4416f65c75a064934f4f
SHA1

5afb7bcb6d2b02f2bc3e9ebb13d0170612ba86aa
SHA256

cd1d05c4c3a0c3dca7393896d2bd39b9ec9f42314d88e69589714aaa2b5a4a03
SHA512

949b9c539a65629db314f17d8a5649d06099e0a6f3da2c21a9c9432dafd65ac057422e8d4a44c2c93a42911bb6209f3deeded155899bca8ff5421cb89a8bd6a5

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://gpower.5gbfree.com/pix.exe

Targets

- Target
  
  olineformN98898778.lnk
- Size
  
  1KB
- MD5
  
  04e0fea48dfed1e026c3104e0d6aff88
- SHA1
  
  e639b0f5a486d5dffef28373ca2df867f99e7fb2
- SHA256
  
  76a5649587a8874b1b1a5b3a37d281a4194e8a19947ca33f2d12d12d53509d39
- SHA512
  
  c9e5ff0b7d9ddd4b47a57438115acd29338bc5c1e98c9a5f3a61405de90a43eea60c3b1ecf0c25326d4a506b4ae2e2970e794a2f5e1c4d911e89aeed73dbeba4
Score

10^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2