c589e3885e93309f931a2c8cb7b490e73c6f1f31f717e286ef5a4b9d44e1adc7 | Triage

Sharing

General

Target

7b99b0cd5712708b595c6805c2c23e91
Size

100KB
Sample

231226-tml96ahahl
MD5

7b99b0cd5712708b595c6805c2c23e91
SHA1

5dc957a0502f586808a6c57689894889c94d9cc6
SHA256

c589e3885e93309f931a2c8cb7b490e73c6f1f31f717e286ef5a4b9d44e1adc7
SHA512

8a8b74226688dddaa693be0f8ccf283c0a20c021f9943b76c0d40f1615c39547d7dca10fcd899efad32d8780fa4c49b99567bce6b3144d2a4b11aa66aa62cdd2
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXH:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGM

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  7b99b0cd5712708b595c6805c2c23e91
- Size
  
  100KB
- MD5
  
  7b99b0cd5712708b595c6805c2c23e91
- SHA1
  
  5dc957a0502f586808a6c57689894889c94d9cc6
- SHA256
  
  c589e3885e93309f931a2c8cb7b490e73c6f1f31f717e286ef5a4b9d44e1adc7
- SHA512
  
  8a8b74226688dddaa693be0f8ccf283c0a20c021f9943b76c0d40f1615c39547d7dca10fcd899efad32d8780fa4c49b99567bce6b3144d2a4b11aa66aa62cdd2
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXH:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGM
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2