General

  • Target

    741f83e8cec69b1fe32dc48eb147e6cd_JaffaCakes118

  • Size

    257KB

  • Sample

    240526-dffwssdb75

  • MD5

    741f83e8cec69b1fe32dc48eb147e6cd

  • SHA1

    08e9edcdc15dd687743d3bd8950b217f6e830f8d

  • SHA256

    28e1b6cf6980b009867b8919f68f41203e6796e1f95c3f82c17cf1c5d8ac5b68

  • SHA512

    0999894f9a2b589023fd731ee4b0cbdaf3708a5a325161e42e9e7dff123459b43b3c27fa95dbe614392fc6cf3698ed1ee41eb6d26f015f719a612361bf2a4851

  • SSDEEP

    6144:PsCwu+mWhJifvtNP/7YXSLB80PetF5UhR3prt:kxmIJQvPkitegR3pJ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://down.ctosus.ru/wget.exe

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15