c6a063fbb8ca4931eb80420e512fecd9f37052e12a627ee271b058503cf32c2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4be53aee9de27534a1321636ef417338
Size

83KB
Sample

231226-cnp9rsghg3
MD5

4be53aee9de27534a1321636ef417338
SHA1

4692f5c8369aedc66774397bd341382e35e99b07
SHA256

c6a063fbb8ca4931eb80420e512fecd9f37052e12a627ee271b058503cf32c2d
SHA512

0665fb3bdddd56ad47f45aefb6dff52e739a3ce1427055b92c26bbc0bff0591f05bf24073febd497741657a3cd82120d583ab0fe85cd83d3f857f6c458dd5278
SSDEEP

1536:Hs6p6MlDjeXz19Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8GG:M6p6G/eXz19Ry98guHVBqqg2bcruzUHP

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  4be53aee9de27534a1321636ef417338
- Size
  
  83KB
- MD5
  
  4be53aee9de27534a1321636ef417338
- SHA1
  
  4692f5c8369aedc66774397bd341382e35e99b07
- SHA256
  
  c6a063fbb8ca4931eb80420e512fecd9f37052e12a627ee271b058503cf32c2d
- SHA512
  
  0665fb3bdddd56ad47f45aefb6dff52e739a3ce1427055b92c26bbc0bff0591f05bf24073febd497741657a3cd82120d583ab0fe85cd83d3f857f6c458dd5278
- SSDEEP
  
  1536:Hs6p6MlDjeXz19Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8GG:M6p6G/eXz19Ry98guHVBqqg2bcruzUHP
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2