3cef3dbe12c989dd856b06159a3ac80500e6606019a54befffbb679d3d0e0fa6 | Triage

Sharing

General

Target

694aa900342d5034dae5fa2f827b9b17_JaffaCakes118
Size

29KB
Sample

240523-bwvzjsgf5w
MD5

694aa900342d5034dae5fa2f827b9b17
SHA1

4835871e45c19629e538de18859e14457a0f6b8e
SHA256

3cef3dbe12c989dd856b06159a3ac80500e6606019a54befffbb679d3d0e0fa6
SHA512

1ab13e034f7e940e8bcd6bc2b20553ac1fd6dc4df5dc9be3d274f7f27e67f8486f65c287583b5756306cf5cad7ede7018580ac1d787dd4506c3c95ea2aa786ee
SSDEEP

768:v6s+l8vBYhSkm+722TdjI8MdlUXjz3m2+JTuA5gYTA0D/4MLI9nf+r:Cs+l8yJm+72LflWOgKZl

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://members.giftera.org/cVNbVdYMuS.php

Targets

- Target
  
  694aa900342d5034dae5fa2f827b9b17_JaffaCakes118
- Size
  
  29KB
- MD5
  
  694aa900342d5034dae5fa2f827b9b17
- SHA1
  
  4835871e45c19629e538de18859e14457a0f6b8e
- SHA256
  
  3cef3dbe12c989dd856b06159a3ac80500e6606019a54befffbb679d3d0e0fa6
- SHA512
  
  1ab13e034f7e940e8bcd6bc2b20553ac1fd6dc4df5dc9be3d274f7f27e67f8486f65c287583b5756306cf5cad7ede7018580ac1d787dd4506c3c95ea2aa786ee
- SSDEEP
  
  768:v6s+l8vBYhSkm+722TdjI8MdlUXjz3m2+JTuA5gYTA0D/4MLI9nf+r:Cs+l8yJm+72LflWOgKZl
Score

10^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2