4e175e9c67d6b401419c7d8c425b66a395936f888294f247b331901dfcf0108d | Triage

Sharing

General

Target

fdd9062f80ec1f6e5a549d896d649ef9_JaffaCakes118
Size

95KB
Sample

240420-2xvy2scf9v
MD5

fdd9062f80ec1f6e5a549d896d649ef9
SHA1

7125adfe90d0a1b90551ecf42c258b634e1e5069
SHA256

4e175e9c67d6b401419c7d8c425b66a395936f888294f247b331901dfcf0108d
SHA512

ef95f2bb8c327e19b8431c649ac62dd4dabfaf97bd4a82f9bbfdf3b0387d0f9f74dc9f34c736e4f932d1f7386909343513137d2df05649b7193126ec869ac52d
SSDEEP

1536:Gp8zc14E9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzy:08zcGE9Ry98guHVBqqg2bcruzUHmLKea

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  fdd9062f80ec1f6e5a549d896d649ef9_JaffaCakes118
- Size
  
  95KB
- MD5
  
  fdd9062f80ec1f6e5a549d896d649ef9
- SHA1
  
  7125adfe90d0a1b90551ecf42c258b634e1e5069
- SHA256
  
  4e175e9c67d6b401419c7d8c425b66a395936f888294f247b331901dfcf0108d
- SHA512
  
  ef95f2bb8c327e19b8431c649ac62dd4dabfaf97bd4a82f9bbfdf3b0387d0f9f74dc9f34c736e4f932d1f7386909343513137d2df05649b7193126ec869ac52d
- SSDEEP
  
  1536:Gp8zc14E9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzy:08zcGE9Ry98guHVBqqg2bcruzUHmLKea
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2