1619678570294e1afb0299463df611ce654cc81f6d5bfab14a1f3959f80740b7 | Triage

Sharing

General

Target

2fcae52e3354e9d84707b7e12ec9a436
Size

67KB
Sample

231225-vpqwssdgf3
MD5

2fcae52e3354e9d84707b7e12ec9a436
SHA1

c6e99cfbf8dab7ae2d04660b57486e751f6bf32f
SHA256

1619678570294e1afb0299463df611ce654cc81f6d5bfab14a1f3959f80740b7
SHA512

84c6063e5610e9aa7e227c7e5dffa5ec960cffd57e4207aec2fa333bc410722fb2ae3f066a27cde18d6b109703e946bf079af280fc40967d1df5c3c46fe9b64b
SSDEEP

1536:/FCzZEz+t9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bS:/wFEqt9Ry98guHVBqqg2bcruzUHmLKee

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  2fcae52e3354e9d84707b7e12ec9a436
- Size
  
  67KB
- MD5
  
  2fcae52e3354e9d84707b7e12ec9a436
- SHA1
  
  c6e99cfbf8dab7ae2d04660b57486e751f6bf32f
- SHA256
  
  1619678570294e1afb0299463df611ce654cc81f6d5bfab14a1f3959f80740b7
- SHA512
  
  84c6063e5610e9aa7e227c7e5dffa5ec960cffd57e4207aec2fa333bc410722fb2ae3f066a27cde18d6b109703e946bf079af280fc40967d1df5c3c46fe9b64b
- SSDEEP
  
  1536:/FCzZEz+t9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bS:/wFEqt9Ry98guHVBqqg2bcruzUHmLKee
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2