General

  • Target

    96fa56228ea088a702211f9423b6235c_JaffaCakes118

  • Size

    780B

  • Sample

    240814-vzamkatgng

  • MD5

    96fa56228ea088a702211f9423b6235c

  • SHA1

    f4e538da38dc89ec14002f20bd0ce04796e4d60f

  • SHA256

    adfdfb364c33df76af32b5e22c31a2d1275c30f93944e1b3f1a51b4772e5fedf

  • SHA512

    17863395354f965c13b8a4c0608e8253e8440ed1524d423cf7d01b53607855db86cd54ca2941ab2499c05f0c3d29b1b83bb0d91038d80443aaa19b61bfb3ee77

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper: http://217.8.117.63/tspam.exe

Targets

    • Target

      96fa56228ea088a702211f9423b6235c_JaffaCakes118

    • Size

      780B

    • MD5

      96fa56228ea088a702211f9423b6235c

    • SHA1

      f4e538da38dc89ec14002f20bd0ce04796e4d60f

    • SHA256

      adfdfb364c33df76af32b5e22c31a2d1275c30f93944e1b3f1a51b4772e5fedf

    • SHA512

      17863395354f965c13b8a4c0608e8253e8440ed1524d423cf7d01b53607855db86cd54ca2941ab2499c05f0c3d29b1b83bb0d91038d80443aaa19b61bfb3ee77

    • Score

      1/10

    • Target

      PIC199100.jpg.js

    • Size

      650B

    • MD5

      a7ab035cbabbaa850b95e1eb8c877789

    • SHA1

      1175c71d4e70591c3816292fd9107486a7fb3bbe

    • SHA256

      a84be445b2a8be5ed37e7d23816293f15ba5acec72fde6e77d59db4832eace48

    • SHA512

      7189b836a35309cc29acadfb3ed9bb915db1adb47780b70c1ec44ab308d46eaebdc1ab1fae7a460d437f47fef781c0a4d7d9c4e025f7de6e0952b21d792c1854

    • Score

      10/10

    • Blocklisted process makes network request

    • Download via BitsAdmin

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15