eb3bb6a7ec6a23a279455af28aa725f734a13cf7983029c2fdec2cefaebd1f82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

767121b660830442c65b5cd52c28f5d3_JaffaCakes118
Size

17KB
Sample

240526-xakgksfg2x
MD5

767121b660830442c65b5cd52c28f5d3
SHA1

91bbe1a94d2b62268361c4a4a297c959f5a98a0d
SHA256

eb3bb6a7ec6a23a279455af28aa725f734a13cf7983029c2fdec2cefaebd1f82
SHA512

023af1c43db289d20da1985f845afdc6694e4140d0b5640bc6b1b5a64906ca8db1d716ce071904af6cd5cc405044a2ad99b4f71d870236bed6267811930402f1
SSDEEP

384:76xD2ScXhxRXy/T2axVLam2x2tYQDyYmBzJ72TB7/60gvORe:76xDsfaT2QpaKtNwBzJ7e7/6zvQe

Score

8^/10

execution

Malware Config

Targets

- Target
  
  RXC_950_9203.J5-order.zip.lnk
- Size
  
  3KB
- MD5
  
  396b40670632d66aa9d75333fb3a18e5
- SHA1
  
  a2ed27e19991e747c9664f6e2d98f95b1837a59f
- SHA256
  
  f60acfaf318ccc255f1c96a90605dbd06f9638a806a42e8534b3d0782de329d7
- SHA512
  
  630527cce2f8b5f91bf4deedfb44c3f88e34d907361c41f3295301e65984b891b2315b00346419daa892a43a8132c5f4985af2f9a11e20ddf1abe52773784584
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2