1612f0161c79816e64580161b8a1006663f68a3d9403bfa9b8270498fe209712 | Triage

Sharing

General

Target

faab3e5f78adeee0a978251e6abe4651
Size

82KB
Sample

231228-1qlalabcfj
MD5

faab3e5f78adeee0a978251e6abe4651
SHA1

f80909ac65e84518a1efed219f4b81f39e618217
SHA256

1612f0161c79816e64580161b8a1006663f68a3d9403bfa9b8270498fe209712
SHA512

6d63b29ed4fc857fee7774ea666d09364c8d1adba17b6cc0a1e407a31f4d110afe0ffbda83396ffc368d592b40adb238219e910a33c013be163ea1d50e994fcb
SSDEEP

1536:rNGcdRQHbkYWnc9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8R:rNGHHbpWc9Ry98guHVBqqg2bcruzUHm2

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  faab3e5f78adeee0a978251e6abe4651
- Size
  
  82KB
- MD5
  
  faab3e5f78adeee0a978251e6abe4651
- SHA1
  
  f80909ac65e84518a1efed219f4b81f39e618217
- SHA256
  
  1612f0161c79816e64580161b8a1006663f68a3d9403bfa9b8270498fe209712
- SHA512
  
  6d63b29ed4fc857fee7774ea666d09364c8d1adba17b6cc0a1e407a31f4d110afe0ffbda83396ffc368d592b40adb238219e910a33c013be163ea1d50e994fcb
- SSDEEP
  
  1536:rNGcdRQHbkYWnc9Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8R:rNGHHbpWc9Ry98guHVBqqg2bcruzUHm2
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2