0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8 | Triage

Sharing

General

Target

pororocage.js
Size

1KB
Sample

240604-hsm8vsgh5t
MD5

aec4ed9c8430a1d085c58d64f946ae09
SHA1

fc49886d6ba94041142692d8ce8fbb785ecdcd57
SHA256

0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8
SHA512

987077af6f07f68270058253e9f2ccac37a1fd5c24a6596aee977718afa9dbc5b6dd6c69240c2ac2119c9e44f8c842c0a943a7044d282f041a4ea2ba68d0debf

Score

8^/10

execution

Malware Config

Targets

- Target
  
  pororocage.js
- Size
  
  1KB
- MD5
  
  aec4ed9c8430a1d085c58d64f946ae09
- SHA1
  
  fc49886d6ba94041142692d8ce8fbb785ecdcd57
- SHA256
  
  0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8
- SHA512
  
  987077af6f07f68270058253e9f2ccac37a1fd5c24a6596aee977718afa9dbc5b6dd6c69240c2ac2119c9e44f8c842c0a943a7044d282f041a4ea2ba68d0debf
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2