0b82619071f194db8381fe5253b0c11d3f0eb951c85f944d679faed1b249a112 | Triage

Sharing

General

Target

5baa5dca1583315a7add9e550dde40fc
Size

46KB
Sample

231226-hzha7aaedl
MD5

5baa5dca1583315a7add9e550dde40fc
SHA1

b3860a972400764b183cf501908a3f1e15934f50
SHA256

0b82619071f194db8381fe5253b0c11d3f0eb951c85f944d679faed1b249a112
SHA512

f72a1360efa1c646e14c300e4d3f45082e84c1713926287850e3bc6679ffb425fa0ed196a89685600e33626923d06fab0f3119970737dcb26108fdca6dd7f066
SSDEEP

768:b0lr8TfPbTIrujrXENNJU0izu3tm/2/aO597RQCgHTZfA3CCY1:b0uTPTjzEN8OWUaA9VPgHTZH1

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  2021APT-28_71700453.js
- Size
  
  109KB
- MD5
  
  f6a393d8108626ada8accd41aeda7c15
- SHA1
  
  dce9fa178fe5ac244d759a6e2a2a3847463406da
- SHA256
  
  d1fa39c36a3c6bb33f2cfb305537720415eafa40c5621233654382c5247b7802
- SHA512
  
  b32744b28ceeb2202445374bc249015e914099f5d47aec073825ecc17efe3adbe5e199d7459bda51a8dfd8b43699f64ea299215feadfe5b8b82af8302f53af51
- SSDEEP
  
  3072:DUB0+wbwRBneQ9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd51:hRnQ9Ry9RuXqW4SzUHmLKeMMU7GwWBP5
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2