858c09f6032b213e8cb62f48d6ecb7237637e9eea5866973905d6c1f13a81bdf

Sharing

Copy URL

Twitter E-mail

General

Target

deb6ce5cd12ee307ab94346e1f9c9491_JaffaCakes118
Size

122KB
Sample

240913-xqh9fstelb
MD5

deb6ce5cd12ee307ab94346e1f9c9491
SHA1

af951cc7418a54bd93c1af34454626ae4208a912
SHA256

858c09f6032b213e8cb62f48d6ecb7237637e9eea5866973905d6c1f13a81bdf
SHA512

7c2a1d6bd4191b28a6cfff9add11508052712e2f503430dfd1d4e172d68c31b11f26749098bfd31765fb095f1fbe7a1c677c140a5335341d413be26a3862c4b4
SSDEEP

3072:jEYXZWQsfGn/j4bAHG3v3tTWbUaaOWDCDnez/ISkdjBwILaqafP7sOWP/eIDCUcy:kC

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://1361227624.rsc.cdn77.org/v2/gl.php?aHR0cHM6Ly8xMzYxMjI3NjI0LnJzYy5jZG43Ny5vcmcvdjJ8d3IzMQ%3D%3D%

Targets

- Target
  
  Mercadoria_Devolvida-Correios-0JY43R0W.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Mercadoria_Devolvida-Correios-1A4D7UP8.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  Mercadoria_Devolvida-Correios-1EI6TV2W.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  Mercadoria_Devolvida-Correios-1SNBA8XY.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  Mercadoria_Devolvida-Correios-1SU3RI8J.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  Mercadoria_Devolvida-Correios-1YMU5EEM.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Mercadoria_Devolvida-Correios-22ES4D25.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  Mercadoria_Devolvida-Correios-2CM0TJ01.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16