bfea8cc9871263247c2bf57ba6cc4c6e99f0fee888d7883a95f312380470123d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f2ee70338a276cd4950c9d54e54af7a_JaffaCakes118
Size

3KB
Sample

240524-vcsjvsce2t
MD5

6f2ee70338a276cd4950c9d54e54af7a
SHA1

c9db2e9b376fb94c453698ca4ced479edc01d1c1
SHA256

bfea8cc9871263247c2bf57ba6cc4c6e99f0fee888d7883a95f312380470123d
SHA512

c9efe0c34738bc6f00c1007106810c13d482b81f8d71745da9be4c5087c5150167988d048b4be3d99493d00d00d197c048a53b1cf7e931b675fb3a2a62662eeb

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://paste.ee/r/Xyjr0

ps1.dropper

https://paste.ee/r/edBSQ

Targets

- Target
  
  6f2ee70338a276cd4950c9d54e54af7a_JaffaCakes118
- Size
  
  3KB
- MD5
  
  6f2ee70338a276cd4950c9d54e54af7a
- SHA1
  
  c9db2e9b376fb94c453698ca4ced479edc01d1c1
- SHA256
  
  bfea8cc9871263247c2bf57ba6cc4c6e99f0fee888d7883a95f312380470123d
- SHA512
  
  c9efe0c34738bc6f00c1007106810c13d482b81f8d71745da9be4c5087c5150167988d048b4be3d99493d00d00d197c048a53b1cf7e931b675fb3a2a62662eeb
Score

10^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2