0f989532feb27cdce978de05898d8acfa86cacfeaca95dc4d22463b0f1e8ca00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

246ce6cf512c5cb88f8a81bb6f21ffb6
Size

115KB
Sample

231231-cwfejaehhj
MD5

246ce6cf512c5cb88f8a81bb6f21ffb6
SHA1

f1df0e5abcf47dca52ffb628b1f52146a9cd500b
SHA256

0f989532feb27cdce978de05898d8acfa86cacfeaca95dc4d22463b0f1e8ca00
SHA512

6d0c77056711d32bf1616ceae797bfb41777aa3b4c29ccb5a1ebd8a498b928b192df7a2313797ce2c4b8c9d253db34e3eb1cdf65fe19d81fddeebf3bf51c2fe4
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXb:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGE

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  246ce6cf512c5cb88f8a81bb6f21ffb6
- Size
  
  115KB
- MD5
  
  246ce6cf512c5cb88f8a81bb6f21ffb6
- SHA1
  
  f1df0e5abcf47dca52ffb628b1f52146a9cd500b
- SHA256
  
  0f989532feb27cdce978de05898d8acfa86cacfeaca95dc4d22463b0f1e8ca00
- SHA512
  
  6d0c77056711d32bf1616ceae797bfb41777aa3b4c29ccb5a1ebd8a498b928b192df7a2313797ce2c4b8c9d253db34e3eb1cdf65fe19d81fddeebf3bf51c2fe4
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXb:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGE
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2