3fc66c7fa652886cbdf85cc85aed678871dedf01f80207fb94c7d316199e38fb | Triage

Sharing

General

Target

6b00aff2f2bfd66a58cf05c453fd94a7_JaffaCakes118
Size

1KB
Sample

240523-p4hk3sbc56
MD5

6b00aff2f2bfd66a58cf05c453fd94a7
SHA1

7e74cfabd602f4a677c1227f66d56b55a952ac81
SHA256

3fc66c7fa652886cbdf85cc85aed678871dedf01f80207fb94c7d316199e38fb
SHA512

b6187ca747adbda488fc7a115c7d8ec5aab5c59466d2118ad85e274ff5ce88d0d4e37d0e4353d4bc2ae9cd2f177af32572cebb6728cbbe53fa919301fa5520a4

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://muonlinebr.com.br/imagens.jpg

Targets

- Target
  
  mpf248001.lnk
- Size
  
  2KB
- MD5
  
  77974f95d0161538e10b02e181f43ca5
- SHA1
  
  9a140197bd19de7a5aca70286780d81c9d33a709
- SHA256
  
  4de917051a4f97310df4d0674dfd2d8fb019bb033af88d9521e2ae1f30cd8936
- SHA512
  
  2cfac448a050a3c00c8f4a80c96e2a0aba5b5526d7c420a63ed1b1a32bc0202578bf86a960a918490340864a33d54fafd8f887c41a762724dbcb959266f3f6ad
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2