95d2b043821761056ebdaf782d4f1e07ce2629c5e9d5ad64d02ff41dedc4f75b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04d827ab4c6b0b98e8fe73d37a2a02c6
Size

76KB
Sample

231224-tjljfsghcj
MD5

04d827ab4c6b0b98e8fe73d37a2a02c6
SHA1

a691e309c62f5be3d98a2c94cfe26c01974eece1
SHA256

95d2b043821761056ebdaf782d4f1e07ce2629c5e9d5ad64d02ff41dedc4f75b
SHA512

b10e61eb9a75fdf74f704a284ed27a49c452c783abc7c637c43ddcbf47a9bd1396ead74e315a5eefe5b0f8972f31359be46d41925c76ee1fab3b590ad9a5529e
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/o/:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gx

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  04d827ab4c6b0b98e8fe73d37a2a02c6
- Size
  
  76KB
- MD5
  
  04d827ab4c6b0b98e8fe73d37a2a02c6
- SHA1
  
  a691e309c62f5be3d98a2c94cfe26c01974eece1
- SHA256
  
  95d2b043821761056ebdaf782d4f1e07ce2629c5e9d5ad64d02ff41dedc4f75b
- SHA512
  
  b10e61eb9a75fdf74f704a284ed27a49c452c783abc7c637c43ddcbf47a9bd1396ead74e315a5eefe5b0f8972f31359be46d41925c76ee1fab3b590ad9a5529e
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/o/:59Ry98guHVBqqg2bcruzUHmLKeMMU7Gx
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2