5d7f0011fe14d2f595df1f8630724d010b68d959d65bd06ca7f72864adebd125 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0463330313640d8e476e5dfbcb6100b_JaffaCakes118
Size

806KB
Sample

240820-wppt6swcpd
MD5

b0463330313640d8e476e5dfbcb6100b
SHA1

329f2c9d5a28aca89ff8401ad80136877876bde8
SHA256

5d7f0011fe14d2f595df1f8630724d010b68d959d65bd06ca7f72864adebd125
SHA512

89e2d4f4dc4f06602aac27b84555388b5c33ac1d3d9ab935a306ac65f14620b1aa6f5c8bc0a15d21018aea185c75bcdc192ae1f69350823e680c53bb6fe708ab
SSDEEP

24576:HNR2zaQBt37/CZ0w1PeWnzqhqCC6+PE0w:eUsrC6aEp

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://paste.ee/r/huSJk

ps1.dropper

https://paste.ee/r/FoeuG

Targets

- Target
  
  b0463330313640d8e476e5dfbcb6100b_JaffaCakes118
- Size
  
  806KB
- MD5
  
  b0463330313640d8e476e5dfbcb6100b
- SHA1
  
  329f2c9d5a28aca89ff8401ad80136877876bde8
- SHA256
  
  5d7f0011fe14d2f595df1f8630724d010b68d959d65bd06ca7f72864adebd125
- SHA512
  
  89e2d4f4dc4f06602aac27b84555388b5c33ac1d3d9ab935a306ac65f14620b1aa6f5c8bc0a15d21018aea185c75bcdc192ae1f69350823e680c53bb6fe708ab
- SSDEEP
  
  24576:HNR2zaQBt37/CZ0w1PeWnzqhqCC6+PE0w:eUsrC6aEp
Score

10^/10

discovery execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution