General

  • Target

    a6510978e3b1afc734bf15c59267210d_JaffaCakes118

  • Size

    6.0MB

  • Sample

    240613-s52l5aygjq

  • MD5

    a6510978e3b1afc734bf15c59267210d

  • SHA1

    dd6942a822ec7b30e46372290939ea38db4adc1e

  • SHA256

    0b01cc0e08dc7b5d973f7eb30461d71e6fd0808f7ff68c7d9bef90b28f630944

  • SHA512

    40c2ab353589c6e89caf2e575a5175651c632d16804c360cd562f93e5767e2dbfa91015142bbad4c43c37b333258ed8887a79ecf1864ff660af17b45b712b16b

  • SSDEEP

    98304:tQuX+W4F3tj+pqnSx/jFc4un3daM+4Viu5MHdvWjjJ43xMKMCxrENU+d5qkTcd:yUgt+kYbO3YMhVpaKjJqxIbakTO

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • URLs (deobfuscated)

    exe.dropper: https://goo.gl/v5D4FL

Targets

    • Target

      pLh Paladins 2017/pLh Paladins 2017.exe

    • Size

      6.0MB

    • MD5

      0d846a90666124e6271b359dba466e25

    • SHA1

      26b8d72548989fbbcfaf23c3085dd7256ee2b613

    • SHA256

      bdc65e383834163e8c493ccced8b96eac6412d28051c8665fe3663e0ebadf782

    • SHA512

      540e3dcb31ade85b2f3ad0136b1caf5adb3809493019882afdcf224ce9cb0683f479fee5cecf08d00099d9a1a3e4c37b8434b192c6c1283fa41b3a7bc32fb7c8

    • SSDEEP

      98304:DHgUXO2N/VeEOKcOk3XyPqPLyJKS4J3R4ZImfJwW+8PJp/ZAOBvAYM0soJFgn/bK:DNVN9eEY9jaK9wumxwfG7Z9lLsoJFgne

    Score
    10/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      pLh Paladins 2017/setings.dll

    • Size

      281KB

    • MD5

      801cd46b3f719731fa3639c81c289ac2

    • SHA1

      e2a182acb053657330cccab6b9a2c7621c10313d

    • SHA256

      75e1dacbc87a4aef4c216a7e7889e2744549661672fd82f723de15eb7bbd49dd

    • SHA512

      d8cc670cf27f27d34e217b854ba2ce4cfaa749e93279d4a02142ed9d74738685a43899e5fb1d3ef31e62e052d7d772f25a217e031b28828b858cfa0235210e87

    • SSDEEP

      6144:HfMHTznfj4OWxlpKxiGUcz+a6r6C0jWNA4qTr4as:UHTznXjUgk0jW64qAJ

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks