General

  • Target

    0f5caf7f3e8ccbee02e21575b337d031_JaffaCakes118

  • Size

    727B

  • Sample

    241003-ss54sasdjp

  • MD5

    0f5caf7f3e8ccbee02e21575b337d031

  • SHA1

    7fcf17c5a51e19d0b2def5719a36b581f391d9fc

  • SHA256

    1c6adefb631929c92c652eaad245e909b6fc8e872b24a026d7d5bdd385ef0b73

  • SHA512

    58a1183a32adc11b3989606831519d8aa87f164a832e851c3099a9f36532f5461ea4e6e726f6bfeaaf156e181324f55f2204d80371a94c5071299415bf4def72

Score

10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://transfer.sh/1tECsY6/REd.txt

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks