bdeb69529ec0bfa2dbb180b7f3a7d1e1b2a965f3df250479c36eecde558d7dc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42d7cf49b073fe610757e60586c6cb4d
Size

105KB
Sample

231225-3brvyagha2
MD5

42d7cf49b073fe610757e60586c6cb4d
SHA1

869724723bc3b66ad08e8d87ff4f0abfcf2d3b70
SHA256

bdeb69529ec0bfa2dbb180b7f3a7d1e1b2a965f3df250479c36eecde558d7dc1
SHA512

7f71b111288f61e9e7ec4801ff75296fbf2b6894c610a32b8c63fa8bc18378c0ddbb4cc325e1c5c70c57e39a703faa80fbae43770205891b93beb89072794fe3
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXS:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGD

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  42d7cf49b073fe610757e60586c6cb4d
- Size
  
  105KB
- MD5
  
  42d7cf49b073fe610757e60586c6cb4d
- SHA1
  
  869724723bc3b66ad08e8d87ff4f0abfcf2d3b70
- SHA256
  
  bdeb69529ec0bfa2dbb180b7f3a7d1e1b2a965f3df250479c36eecde558d7dc1
- SHA512
  
  7f71b111288f61e9e7ec4801ff75296fbf2b6894c610a32b8c63fa8bc18378c0ddbb4cc325e1c5c70c57e39a703faa80fbae43770205891b93beb89072794fe3
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXS:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGD
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2