d58c58d8f8395e68b66eb1f5c674128571faafcb816af3ebe37aae3c1bf7be00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65033f728f82059f21f3f8437927d234
Size

112KB
Sample

240118-k271qsgebj
MD5

65033f728f82059f21f3f8437927d234
SHA1

de467c3d6f0b396a13b0bdbb01734017dfccbdc2
SHA256

d58c58d8f8395e68b66eb1f5c674128571faafcb816af3ebe37aae3c1bf7be00
SHA512

e3134f73328b5a1eaafd089a2ae1225dba65f80d227c5788372204f4baa37cc085c6359d0d27a5b1a8d52b5cf9231f2eca1014db4dab0615b6b1931a46a75141
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXt:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG4

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  65033f728f82059f21f3f8437927d234
- Size
  
  112KB
- MD5
  
  65033f728f82059f21f3f8437927d234
- SHA1
  
  de467c3d6f0b396a13b0bdbb01734017dfccbdc2
- SHA256
  
  d58c58d8f8395e68b66eb1f5c674128571faafcb816af3ebe37aae3c1bf7be00
- SHA512
  
  e3134f73328b5a1eaafd089a2ae1225dba65f80d227c5788372204f4baa37cc085c6359d0d27a5b1a8d52b5cf9231f2eca1014db4dab0615b6b1931a46a75141
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXt:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVG4
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2