d459b471566d70ba7b2b12b4caa8db1def229f69351b6418df9a52b769201005 | Triage

Sharing

General

Target

ff8cc167467fafc1789656bdab467de8_JaffaCakes118
Size

1KB
Sample

240930-afrrhsxclp
MD5

ff8cc167467fafc1789656bdab467de8
SHA1

ff3f3d924012dbd249dc8cf4e9c33fa2bc5be614
SHA256

d459b471566d70ba7b2b12b4caa8db1def229f69351b6418df9a52b769201005
SHA512

22932482f0966c9469e9c701b0acd4852d943d6aac08358c6a7996fbe1471f5e4b3bd140da57a0374b39f7f06f07abf662583261522c118774dc3ee361069bad

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.upload.ee/download/7435588/411c441150c712390a6f/server.exe

Targets

- Target
  
  ff8cc167467fafc1789656bdab467de8_JaffaCakes118
- Size
  
  1KB
- MD5
  
  ff8cc167467fafc1789656bdab467de8
- SHA1
  
  ff3f3d924012dbd249dc8cf4e9c33fa2bc5be614
- SHA256
  
  d459b471566d70ba7b2b12b4caa8db1def229f69351b6418df9a52b769201005
- SHA512
  
  22932482f0966c9469e9c701b0acd4852d943d6aac08358c6a7996fbe1471f5e4b3bd140da57a0374b39f7f06f07abf662583261522c118774dc3ee361069bad
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2