fb0a567d49076290bb8574322046696ab932171b98d49ce5f87bd0d5867accd3 | Triage

Sharing

General

Target

5e57fc152fd2f5500408364a029c2c46.unknown
Size

99KB
Sample

240106-lzzr1sebc9
MD5

5e57fc152fd2f5500408364a029c2c46
SHA1

18cb3d73cff84450934b7ef162268b9bed5f3775
SHA256

fb0a567d49076290bb8574322046696ab932171b98d49ce5f87bd0d5867accd3
SHA512

98b8b7c0ee3a6b71efed36ac2035528f5e01cd54f31bbd7a02792aa66b020ff554e48f0f9c86bc6f0e8b1321521a0406dfddb0a5d2a0b8cbdb0d802b1b53b45a
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXh:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGm

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  5e57fc152fd2f5500408364a029c2c46.unknown
- Size
  
  99KB
- MD5
  
  5e57fc152fd2f5500408364a029c2c46
- SHA1
  
  18cb3d73cff84450934b7ef162268b9bed5f3775
- SHA256
  
  fb0a567d49076290bb8574322046696ab932171b98d49ce5f87bd0d5867accd3
- SHA512
  
  98b8b7c0ee3a6b71efed36ac2035528f5e01cd54f31bbd7a02792aa66b020ff554e48f0f9c86bc6f0e8b1321521a0406dfddb0a5d2a0b8cbdb0d802b1b53b45a
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXh:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGm
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2