0c40462e298ec3b262498d1db189d4e2915bf07c80e40981fc43914a0bc7266a | Triage

Sharing

General

Target

f12119a61710f460b889d71fec8f4217_JaffaCakes118
Size

39KB
Sample

240415-qc774afb27
MD5

f12119a61710f460b889d71fec8f4217
SHA1

09c303a01b3a28d7b7d14d60cfb42e796c5a911f
SHA256

0c40462e298ec3b262498d1db189d4e2915bf07c80e40981fc43914a0bc7266a
SHA512

82db9a65dca1687f34e3f4c2a6722e86d7a12a40dd6cd7fd035950753ddda481d07014ed391ff5ca63af1cb180a75e8afd97f30ca48f45de48c32d821a2b10b7
SSDEEP

768:+iCcml0Ql3+Fii9BGDvVwJ1mFEQwj9nj7K1kGJXx:+iCXl0q3jirG72JEWQw1y1keB

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  2021APT-28_86826453.js
- Size
  
  100KB
- MD5
  
  29a76c5fdb5147c66092d0f4e424ec80
- SHA1
  
  ede9d41990fc808a17021f351fc7583720a4e5f1
- SHA256
  
  cc006ebbcc9dafa2056bdef21d69836a9b46d9accc6080b93e768a98397e9afa
- SHA512
  
  1c6607b0862d28b7d6634cb84b1acaa86dbca32d05bf346594c739ea154ed957d694caf8887cf1a6254048620c9bfdc6d9159f46936b8b4126f11b962c04e5a1
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXd:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGU
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2