General

  • Target

    ecea7d3819fa43d727343dc1e26442c4_JaffaCakes118

  • Size

    34KB

  • Sample

    240920-f13bms1dmk

  • MD5

    ecea7d3819fa43d727343dc1e26442c4

  • SHA1

    85034b4083ac90f4849f6c6de6c8978614c86b03

  • SHA256

    1c81630804b6f408d2ec4ce688cca89870e52893e59aea6d194c22bc4fb1d182

  • SHA512

    badbe0f94c0f02a427a160376bfcd716b63b8ca6989589cce5c9a1af91d7f624a0372f601b6affc0ec6b9f63628d38526cef4d469739d723255e03526fe6bfd5

  • SSDEEP

    768:tv2ncIPQ6RshzkmZp27DGtrtFXRVW22n2rvHSDM49vp:t6sJl27D+mDnHRh

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://adrianecolburn.com/download/md2.php

Targets

    • Target

      5213706677228235947485/52137066772282356147846598.lnk

    • Size

      4KB

    • MD5

      dc6cd3c09e2d75ef5f1df84472e9b4c4

    • SHA1

      bc79598890a4e39720d32aaaaa803eecf1bba3e3

    • SHA256

      0e85ba9b3fdcc615705fff18bdb7cafad1c99a5378f3f3518c3edc8f3d8cd805

    • SHA512

      7b651dc4a8f73b8bbf5230f754f428540ee4d8b6817a85491c5149ce762bd53288d0ed727c439561455c7f5ab1b66891cd5cb291b2e940f460377e44ce3c6a28

    • SSDEEP

      48:8YFAISNc2ca6rDbakVfmrhpNoVOLYYqXgP7Jiu0GCWUljXZYocIPw7ikOUqIIPwq:8u0c243VWlLVqX67cuiJp1hPwitPw2

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

MITRE ATT&CK Enterprise v15
