9efcba2f3c9d0e7859e904f236443f76fdc25b1d5c6209a8280eae8d3c5f69e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44e807629372663fc7cb1e0b755cd171
Size

105KB
Sample

240106-bl45gafbd8
MD5

44e807629372663fc7cb1e0b755cd171
SHA1

89beb07e33347e1e21d9ffbda9e7945ec485c288
SHA256

9efcba2f3c9d0e7859e904f236443f76fdc25b1d5c6209a8280eae8d3c5f69e7
SHA512

d94e0d86c24239a5d98713dffe0f06217528d47cac5761e91f75ab5e82c20a8e8ed8b46520f9f063a82aabcc1bbb0c23b4ed3f05d264765f3b10d4ecf9e3fcef
SSDEEP

3072:sxW+kakUuEDTTvn9XSIy/R9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9v:MW+k3eTDtSNR9Ry9RuXqW4SzUHmLKeMD

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  44e807629372663fc7cb1e0b755cd171
- Size
  
  105KB
- MD5
  
  44e807629372663fc7cb1e0b755cd171
- SHA1
  
  89beb07e33347e1e21d9ffbda9e7945ec485c288
- SHA256
  
  9efcba2f3c9d0e7859e904f236443f76fdc25b1d5c6209a8280eae8d3c5f69e7
- SHA512
  
  d94e0d86c24239a5d98713dffe0f06217528d47cac5761e91f75ab5e82c20a8e8ed8b46520f9f063a82aabcc1bbb0c23b4ed3f05d264765f3b10d4ecf9e3fcef
- SSDEEP
  
  3072:sxW+kakUuEDTTvn9XSIy/R9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9v:MW+k3eTDtSNR9Ry9RuXqW4SzUHmLKeMD
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2