46d53dd88d3ea8e55e951a45907ddd5e710a69d84572231b9e0dd21e34acc031 | Triage

Sharing

General

Target

f410496251cee5a5368c099df13dfbfa_JaffaCakes118
Size

114KB
Sample

240416-w22z9shc59
MD5

f410496251cee5a5368c099df13dfbfa
SHA1

759e483c2f3d7486b0330d4be6b694b6d20ebb8a
SHA256

46d53dd88d3ea8e55e951a45907ddd5e710a69d84572231b9e0dd21e34acc031
SHA512

922eaafe769caf6e06f1b93ea065b76d90ef9f5446a4904c7e74cde8ec8f53fbb071b50ff2e6b61f5a0460fe4488d38a0e1065c10bf56b81bd81199275194557
SSDEEP

3072:1mvDLH9Y+LwlCAylzFdRuV8ItJsSR9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWB6:a6S9vRAs29Ry9RuXqW4SzUHmLKeMMU79

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  f410496251cee5a5368c099df13dfbfa_JaffaCakes118
- Size
  
  114KB
- MD5
  
  f410496251cee5a5368c099df13dfbfa
- SHA1
  
  759e483c2f3d7486b0330d4be6b694b6d20ebb8a
- SHA256
  
  46d53dd88d3ea8e55e951a45907ddd5e710a69d84572231b9e0dd21e34acc031
- SHA512
  
  922eaafe769caf6e06f1b93ea065b76d90ef9f5446a4904c7e74cde8ec8f53fbb071b50ff2e6b61f5a0460fe4488d38a0e1065c10bf56b81bd81199275194557
- SSDEEP
  
  3072:1mvDLH9Y+LwlCAylzFdRuV8ItJsSR9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWB6:a6S9vRAs29Ry9RuXqW4SzUHmLKeMMU79
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2