e0e200c41b0d1cb733993874c13c2b716765b29c32993d63435fcefc5db5b2ad | Triage

Sharing

General

Target

6076e083ff072eb4cec6bbc7481b99ec
Size

108KB
Sample

231226-kkrx7aahck
MD5

6076e083ff072eb4cec6bbc7481b99ec
SHA1

1dac13a7223d572b34c2da1fde0de9639e3e6b65
SHA256

e0e200c41b0d1cb733993874c13c2b716765b29c32993d63435fcefc5db5b2ad
SHA512

c4584d8df91e8626c1efa96f2ccc4426e484823a757a44d51d250427c5fb67699ae85cc63f99aa231d4a51f7b7f2a13a619972a11741b145d212a36a2ce897b7
SSDEEP

3072:k1JVG7OLu7cZUcMjoF539Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZM:A8Oi7wUcOa39Ry9RuXqW4SzUHmLKeMMe

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  6076e083ff072eb4cec6bbc7481b99ec
- Size
  
  108KB
- MD5
  
  6076e083ff072eb4cec6bbc7481b99ec
- SHA1
  
  1dac13a7223d572b34c2da1fde0de9639e3e6b65
- SHA256
  
  e0e200c41b0d1cb733993874c13c2b716765b29c32993d63435fcefc5db5b2ad
- SHA512
  
  c4584d8df91e8626c1efa96f2ccc4426e484823a757a44d51d250427c5fb67699ae85cc63f99aa231d4a51f7b7f2a13a619972a11741b145d212a36a2ce897b7
- SSDEEP
  
  3072:k1JVG7OLu7cZUcMjoF539Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZM:A8Oi7wUcOa39Ry9RuXqW4SzUHmLKeMMe
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2