4c95d49a4ccba503ef62813260211d237b95b22ab3b8532998526a1f5fcb441a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18a3c92c310878e9c920059d9093b5e9
Size

63KB
Sample

231224-28a31sbahq
MD5

18a3c92c310878e9c920059d9093b5e9
SHA1

19132139d6864738109fca076d5d61951fb64d54
SHA256

4c95d49a4ccba503ef62813260211d237b95b22ab3b8532998526a1f5fcb441a
SHA512

7160932adf198a92521424e426d0f0918b43afc6f050f025e5826455c443ea9baef049ffdfe75911a1706b4bac88155cf6d3a89a38469070d5ea1fe0deef7842
SSDEEP

1536:ja1D9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4Z:ja1D9Ry98guHVBqqg2bcruzUHmLKeMMe

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  18a3c92c310878e9c920059d9093b5e9
- Size
  
  63KB
- MD5
  
  18a3c92c310878e9c920059d9093b5e9
- SHA1
  
  19132139d6864738109fca076d5d61951fb64d54
- SHA256
  
  4c95d49a4ccba503ef62813260211d237b95b22ab3b8532998526a1f5fcb441a
- SHA512
  
  7160932adf198a92521424e426d0f0918b43afc6f050f025e5826455c443ea9baef049ffdfe75911a1706b4bac88155cf6d3a89a38469070d5ea1fe0deef7842
- SSDEEP
  
  1536:ja1D9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4Z:ja1D9Ry98guHVBqqg2bcruzUHmLKeMMe
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2