62fe32c05a90d62e0172612ab9ffdc1f29cddb8a16abb1d81a4e667448d82708 | Triage

Sharing

General

Target

ff23e2f8c0db0ef14f8f95cb7415a67f_JaffaCakes118
Size

99KB
Sample

240421-m7dp7ahg8x
MD5

ff23e2f8c0db0ef14f8f95cb7415a67f
SHA1

278f51d296ffd12358ceb73eeb78a1cd9bd7f24f
SHA256

62fe32c05a90d62e0172612ab9ffdc1f29cddb8a16abb1d81a4e667448d82708
SHA512

d998ed726d06f31b18a81979d561a9baebdbfdaabe655e2f636517d39c42878c90a3a01498e2c54c688e077bca909230f5c0cd877c81ddf93704a2ea7f7d1c91
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXa:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGR

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  ff23e2f8c0db0ef14f8f95cb7415a67f_JaffaCakes118
- Size
  
  99KB
- MD5
  
  ff23e2f8c0db0ef14f8f95cb7415a67f
- SHA1
  
  278f51d296ffd12358ceb73eeb78a1cd9bd7f24f
- SHA256
  
  62fe32c05a90d62e0172612ab9ffdc1f29cddb8a16abb1d81a4e667448d82708
- SHA512
  
  d998ed726d06f31b18a81979d561a9baebdbfdaabe655e2f636517d39c42878c90a3a01498e2c54c688e077bca909230f5c0cd877c81ddf93704a2ea7f7d1c91
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXa:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGR
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2