67af633a69973d52fb4a10aec379de048d9ea215d03368a101f5d53d5723a29e | Triage

Sharing

General

Target

ff43bad4fe98af58f5e54cfce9b2faf1_JaffaCakes118
Size

89KB
Sample

240421-pj4yksbf2v
MD5

ff43bad4fe98af58f5e54cfce9b2faf1
SHA1

29781ecabb57836b6f747e6d42aac1c2d303ebb0
SHA256

67af633a69973d52fb4a10aec379de048d9ea215d03368a101f5d53d5723a29e
SHA512

75244fc1c76ff10dbd243264f0d6dad7626dd267f7d402f8b9a7d58d380ee98feff704e6023f2cba5d4854d219263d1a6d289e332ae644591480131e230fd744
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oH:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gh

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  ff43bad4fe98af58f5e54cfce9b2faf1_JaffaCakes118
- Size
  
  89KB
- MD5
  
  ff43bad4fe98af58f5e54cfce9b2faf1
- SHA1
  
  29781ecabb57836b6f747e6d42aac1c2d303ebb0
- SHA256
  
  67af633a69973d52fb4a10aec379de048d9ea215d03368a101f5d53d5723a29e
- SHA512
  
  75244fc1c76ff10dbd243264f0d6dad7626dd267f7d402f8b9a7d58d380ee98feff704e6023f2cba5d4854d219263d1a6d289e332ae644591480131e230fd744
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oH:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gh
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2