064108b26f82e4cf579d93efb547401cc61436c1027edede6bd5ecf601cc8b8a | Triage

Sharing

General

Target

ee53c22fb468250a322d4e4af41d7cf4_JaffaCakes118
Size

5KB
Sample

240920-yrxznsvfmg
MD5

ee53c22fb468250a322d4e4af41d7cf4
SHA1

ad4fd512fbe16266cc5d61557a7586e7acb92ac5
SHA256

064108b26f82e4cf579d93efb547401cc61436c1027edede6bd5ecf601cc8b8a
SHA512

2e3af9ac12cc85e3f5a84dec9114c392f643389a1e29b9b85eadcab17671baadc640265bc52463d14fe603211ee0d2a6e6ec1cf495dede8b8aa3592a09d1d2ec
SSDEEP

96:xFNM1k9DrbN793yG6dihlu6O4mNnkOGX3aLlYR:xvuAF93yXihf9EUXaY

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://f0550716.xsph.ru/U3ew1mckZfTHHAs

Targets

- Target
  
  ee53c22fb468250a322d4e4af41d7cf4_JaffaCakes118
- Size
  
  5KB
- MD5
  
  ee53c22fb468250a322d4e4af41d7cf4
- SHA1
  
  ad4fd512fbe16266cc5d61557a7586e7acb92ac5
- SHA256
  
  064108b26f82e4cf579d93efb547401cc61436c1027edede6bd5ecf601cc8b8a
- SHA512
  
  2e3af9ac12cc85e3f5a84dec9114c392f643389a1e29b9b85eadcab17671baadc640265bc52463d14fe603211ee0d2a6e6ec1cf495dede8b8aa3592a09d1d2ec
- SSDEEP
  
  96:xFNM1k9DrbN793yG6dihlu6O4mNnkOGX3aLlYR:xvuAF93yXihf9EUXaY
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2