f4169d78bbdad09394a39e924d42c36e37ffea727528eb9a7ef7172eb1fe304f | Triage

Sharing

General

Target

072e2197b02173750c9ce40b564a44d0
Size

144KB
Sample

231229-3m1bfsbcf8
MD5

072e2197b02173750c9ce40b564a44d0
SHA1

ba17c04ec8acfad065eca8e3aeb9a9bd0e3b3915
SHA256

f4169d78bbdad09394a39e924d42c36e37ffea727528eb9a7ef7172eb1fe304f
SHA512

7c572d36853142341fa164a185238258c4fced2905cc1c48f16ac6d9dae1bec51750c9991187995c9f02f3270db6d712134a20269223510411e64f941a49e011
SSDEEP

3072:N9Gmm56KNvI9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzo:jmgKi9Ry9RuXqW4SzUHmLKeMMU7GwWBE

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  072e2197b02173750c9ce40b564a44d0
- Size
  
  144KB
- MD5
  
  072e2197b02173750c9ce40b564a44d0
- SHA1
  
  ba17c04ec8acfad065eca8e3aeb9a9bd0e3b3915
- SHA256
  
  f4169d78bbdad09394a39e924d42c36e37ffea727528eb9a7ef7172eb1fe304f
- SHA512
  
  7c572d36853142341fa164a185238258c4fced2905cc1c48f16ac6d9dae1bec51750c9991187995c9f02f3270db6d712134a20269223510411e64f941a49e011
- SSDEEP
  
  3072:N9Gmm56KNvI9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzo:jmgKi9Ry9RuXqW4SzUHmLKeMMU7GwWBE
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2