1ca7b20941d0f48f412a5980d0e6246ad64f57543b02afbd0d3cbdb260e5d347 | Triage

Sharing

General

Target

459504d2f4911f64112e222ae6c9a239
Size

105KB
Sample

240106-hsza5abhg5
MD5

459504d2f4911f64112e222ae6c9a239
SHA1

65e5479d82cbd111f2be171f379b3de11be0b265
SHA256

1ca7b20941d0f48f412a5980d0e6246ad64f57543b02afbd0d3cbdb260e5d347
SHA512

bf93d00eacd5154b302d7a681a803162e3e08eb573a140d9629551287450f177ec7dbedb82f1bb61f908861f583fb6e3fe4c2b7caa7ec4b84c8d4c53513e289f
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXx:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGM

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  459504d2f4911f64112e222ae6c9a239
- Size
  
  105KB
- MD5
  
  459504d2f4911f64112e222ae6c9a239
- SHA1
  
  65e5479d82cbd111f2be171f379b3de11be0b265
- SHA256
  
  1ca7b20941d0f48f412a5980d0e6246ad64f57543b02afbd0d3cbdb260e5d347
- SHA512
  
  bf93d00eacd5154b302d7a681a803162e3e08eb573a140d9629551287450f177ec7dbedb82f1bb61f908861f583fb6e3fe4c2b7caa7ec4b84c8d4c53513e289f
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXx:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGM
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2