f4aaafbaa0469eb26a37cf3c73d46f6fc2f05f579fe0bee3ba9b0af27368ae7e | Triage

Sharing

General

Target

153c4db701ecc1a14346752a3e575f6a
Size

34KB
Sample

231225-lt2dnabed6
MD5

153c4db701ecc1a14346752a3e575f6a
SHA1

6cabb729034707c9769330ee056512f2d6c45121
SHA256

f4aaafbaa0469eb26a37cf3c73d46f6fc2f05f579fe0bee3ba9b0af27368ae7e
SHA512

f0dacb9207604fbd66b53721ddb3f3b8b0b163b0685aa3ea65ebba6bbdd477ed279d81c161733081a10a90bd8cfc04e7e51aa5c7a544625d7c798ddebd9d77c4
SSDEEP

768:LLpNJYPC3dJDsUd7MG14AKl7b6rHFGlJjUo8GH:Ld3D3N9MG1437bwHyR

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  2021APT-28_3438453.js
- Size
  
  92KB
- MD5
  
  1dd6deb7802512dc4dcccdd2fd4983fb
- SHA1
  
  e5b3b483d00e07a232cd4cd9085f153b09aeb079
- SHA256
  
  70138d15e673f5d5564ab689a50a3f6f73b43ffa410deef929b065fe1d81232c
- SHA512
  
  aec0efcdcdeaa9f9d739da2bc8164cbd958e04b8ae934118c7235a934752e8c8f0392b3603bc3cf578396ea92a1e56e23f6f0f8bc5a5cbf17903a94fdc30e8b2
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ob:59Ry98guHVBqqg2bcruzUHmLKeMMU7GN
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2