b82b79181cdd7422ac575c5e23f7df3e4ec3cf4181e1dd9ae4bf6ec4b8358cb8 | Triage

Sharing

General

Target

dc359b5a2bc9d94379d36c870c55e168_JaffaCakes118
Size

1KB
Sample

240912-mskvyssdjl
MD5

dc359b5a2bc9d94379d36c870c55e168
SHA1

7787f6874a077276f8079d92048846255e57d6a2
SHA256

b82b79181cdd7422ac575c5e23f7df3e4ec3cf4181e1dd9ae4bf6ec4b8358cb8
SHA512

6272f18a97c5461116958fba980992ba9d5f69486992b480e00648822cdc845b3fb4109b99342353f367cd8cab7c357320032add8eda3883a3cf994ee032b394

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://1361227624.rsc.cdn77.org/v2/gl.php?aHR0cHM6Ly8xMzYxMjI3NjI0LnJzYy5jZG43Ny5vcmcvdjJ8d3IzMQ%3D%3D%

Targets

- Target
  
  Mercadoria_Devolvida-Correios-1SU3RI8J.lnk
- Size
  
  3KB
- MD5
  
  246e74b6fffb9d5994f7f70bb6509b45
- SHA1
  
  4b7bdf4808ce987b9f94ea40bdd081217867483a
- SHA256
  
  0db8cc27123c8bbd5ae0139980b604c514caeeed51da22d67d440e5369f8be1e
- SHA512
  
  178cf1ff0d8213ff94de68f5c1c267d50c3a958126925a2c50a554a29229c6f6834d1bf140fdb9f7168352d068880c7730e047e177496af0a8b57dde62fd8e08
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2