8efe032913724817053c8a193d0d58cf3b49d1d6ae27f253ae0a4d38405c1d8b | Triage

Sharing

General

Target

0800604e446e125494e1266be59ae3ca
Size

94KB
Sample

231225-f6dkgagce4
MD5

0800604e446e125494e1266be59ae3ca
SHA1

bd4ff1cafd4beb9687f628a9d4cf3b6573b64b6c
SHA256

8efe032913724817053c8a193d0d58cf3b49d1d6ae27f253ae0a4d38405c1d8b
SHA512

721916e8189a424a67d2ddb216c9503db1fdf93584cef04bd25d3c4511b3b93c33beb3b5df8e186115d05ee2e29a1001040adb39fb05c1ed8ce174c4a548d46c
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oS:59Ry98guHVBqqg2bcruzUHmLKeMMU7GU

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  0800604e446e125494e1266be59ae3ca
- Size
  
  94KB
- MD5
  
  0800604e446e125494e1266be59ae3ca
- SHA1
  
  bd4ff1cafd4beb9687f628a9d4cf3b6573b64b6c
- SHA256
  
  8efe032913724817053c8a193d0d58cf3b49d1d6ae27f253ae0a4d38405c1d8b
- SHA512
  
  721916e8189a424a67d2ddb216c9503db1fdf93584cef04bd25d3c4511b3b93c33beb3b5df8e186115d05ee2e29a1001040adb39fb05c1ed8ce174c4a548d46c
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oS:59Ry98guHVBqqg2bcruzUHmLKeMMU7GU
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2