General

  • Target

    b31c75b7dc8ed2f98a9aab9aaddbcbbd_JaffaCakes118

  • Size

    780B

  • Sample

    240821-mj94gstbnd

  • MD5

    b31c75b7dc8ed2f98a9aab9aaddbcbbd

  • SHA1

    541849a47025dfb95c64af6ba3fa59874425ac77

  • SHA256

    ddfbccffbf9897fda437d33be78846eae012d7e60b718bd56feecbe1164b986a

  • SHA512

    e90cea864c6b8d38607fd5837a27eff207f95c3dbea31ab26b4e9d318b7c985608cdad04779e8d1d1bf3069c31b5e9fd61f3fbf3b4eeb427c7b1347ec318f765

Score: 10/10

Malware Config

  • Extracted

    Language: ps1

  • Deobfuscated URLs

    exe.dropper: http://217.8.117.63/tspam.exe

Targets

    • Target

      b31c75b7dc8ed2f98a9aab9aaddbcbbd_JaffaCakes118

    • Size

      780B

    • MD5

      b31c75b7dc8ed2f98a9aab9aaddbcbbd

    • SHA1

      541849a47025dfb95c64af6ba3fa59874425ac77

    • SHA256

      ddfbccffbf9897fda437d33be78846eae012d7e60b718bd56feecbe1164b986a

    • SHA512

      e90cea864c6b8d38607fd5837a27eff207f95c3dbea31ab26b4e9d318b7c985608cdad04779e8d1d1bf3069c31b5e9fd61f3fbf3b4eeb427c7b1347ec318f765

    Score: 1/10

    • Target

      PIC115164.jpg.js

    • Size

      650B

    • MD5

      a7ab035cbabbaa850b95e1eb8c877789

    • SHA1

      1175c71d4e70591c3816292fd9107486a7fb3bbe

    • SHA256

      a84be445b2a8be5ed37e7d23816293f15ba5acec72fde6e77d59db4832eace48

    • SHA512

      7189b836a35309cc29acadfb3ed9bb915db1adb47780b70c1ec44ab308d46eaebdc1ab1fae7a460d437f47fef781c0a4d7d9c4e025f7de6e0952b21d792c1854

    Score: 10/10

    • Blocklisted process makes network request

    • Download via BitsAdmin

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Runs a powershell.exe command.

MITRE ATT&CK Enterprise v15