Extracted

• • Target

    fc1006824cb66d17c68f1ffa53b37c4b_JaffaCakes118

  • Size

    3KB

  • MD5

    fc1006824cb66d17c68f1ffa53b37c4b

  • SHA1

    c54b745011bccb3d068ba74a4e543cb2de1043a4

  • SHA256

    95ca946aef501e5114c26cb6ef895dbc29761b4f7d6bbccc22e4bfbde1be6759

  • SHA512

    1d14c5b3058c994cf542807a4341510453fda81ea9a67cfc5038b2f8fc5e80fca3271c44a9c937d2366a140e197ec605bf280a18278cae6886fa939fb28053c0

  Score

  10^/10

  defense_evasionexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  behavioral1behavioral2