ba125bfb58d936c5c90892ea54e7658e0689dc80a7a4455de2b5e9aaf2ab64e7 | Triage

Sharing

General

Target

5358dcb3fe1e04dfb0d31dde1346e505
Size

70KB
Sample

240111-m6jvtaeehn
MD5

5358dcb3fe1e04dfb0d31dde1346e505
SHA1

3f70814742826717f67780c9bb6bf45aebebb135
SHA256

ba125bfb58d936c5c90892ea54e7658e0689dc80a7a4455de2b5e9aaf2ab64e7
SHA512

ebd222802f4909ce7e5ce212d10d2a95beee93aace94caf9627209cabbc06075a24fb2482d5c6d30168d28f6fb23107e672484ebde6835acef0038f3db55abcd
SSDEEP

1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ok:59Ry98guHVBqqg2bcruzUHmLKeMMU7Ge

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  5358dcb3fe1e04dfb0d31dde1346e505
- Size
  
  70KB
- MD5
  
  5358dcb3fe1e04dfb0d31dde1346e505
- SHA1
  
  3f70814742826717f67780c9bb6bf45aebebb135
- SHA256
  
  ba125bfb58d936c5c90892ea54e7658e0689dc80a7a4455de2b5e9aaf2ab64e7
- SHA512
  
  ebd222802f4909ce7e5ce212d10d2a95beee93aace94caf9627209cabbc06075a24fb2482d5c6d30168d28f6fb23107e672484ebde6835acef0038f3db55abcd
- SSDEEP
  
  1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/ok:59Ry98guHVBqqg2bcruzUHmLKeMMU7Ge
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2