89817a537dc9d9076de9547767fc4205979ab7f4537d38d609f1975540871661 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e2e3ee2e92ce9d49d7bbaa6006e4d01.unknown
Size

96KB
Sample

240102-s16ehsbdd7
MD5

7e2e3ee2e92ce9d49d7bbaa6006e4d01
SHA1

2a8572fed31328ece599c7e468836bd0fbdc5b30
SHA256

89817a537dc9d9076de9547767fc4205979ab7f4537d38d609f1975540871661
SHA512

9a624cae94a24fb27da867c19d39248d2aa2014d2a9e703032dbd21d799089dc947c3c56f820c56ca03b21990253de2f945cd6cf3872e54cfe3c9cf4ec310c13
SSDEEP

3072:yE9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5ea+:h9Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG7

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  7e2e3ee2e92ce9d49d7bbaa6006e4d01.unknown
- Size
  
  96KB
- MD5
  
  7e2e3ee2e92ce9d49d7bbaa6006e4d01
- SHA1
  
  2a8572fed31328ece599c7e468836bd0fbdc5b30
- SHA256
  
  89817a537dc9d9076de9547767fc4205979ab7f4537d38d609f1975540871661
- SHA512
  
  9a624cae94a24fb27da867c19d39248d2aa2014d2a9e703032dbd21d799089dc947c3c56f820c56ca03b21990253de2f945cd6cf3872e54cfe3c9cf4ec310c13
- SSDEEP
  
  3072:yE9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5ea+:h9Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG7
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2