28270436a38476de8e590d3b5ed767289c271e64b799fc5d2ab6bcda16661fac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

016c75b0acfd3f921f79cd0fe1d02060
Size

73KB
Sample

231224-rytghagadl
MD5

016c75b0acfd3f921f79cd0fe1d02060
SHA1

7f550092ab057423abf3c888af4aeb35b5c9d290
SHA256

28270436a38476de8e590d3b5ed767289c271e64b799fc5d2ab6bcda16661fac
SHA512

cb10b8e2bd93d22e5f1860251bcb07ea576c552ee6ce248f62d1fef7b3848c2d83704b3c7bab8bebe1ec3e2d0bb414406f462882304947fae060906b463f4a2c
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oj:59Ry98guHVBqqg2bcruzUHmLKeMMU7G5

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  016c75b0acfd3f921f79cd0fe1d02060
- Size
  
  73KB
- MD5
  
  016c75b0acfd3f921f79cd0fe1d02060
- SHA1
  
  7f550092ab057423abf3c888af4aeb35b5c9d290
- SHA256
  
  28270436a38476de8e590d3b5ed767289c271e64b799fc5d2ab6bcda16661fac
- SHA512
  
  cb10b8e2bd93d22e5f1860251bcb07ea576c552ee6ce248f62d1fef7b3848c2d83704b3c7bab8bebe1ec3e2d0bb414406f462882304947fae060906b463f4a2c
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oj:59Ry98guHVBqqg2bcruzUHmLKeMMU7G5
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2