9b683b877649d594662976754c73d964d56d422ed4b40e695ddaa095c661f778 | Triage

Sharing

General

Target

72803412d2d41460ba56668903b8182b
Size

144KB
Sample

240124-r1jebacgdl
MD5

72803412d2d41460ba56668903b8182b
SHA1

8324dcd408282252182731b6b2b2029d72c1be07
SHA256

9b683b877649d594662976754c73d964d56d422ed4b40e695ddaa095c661f778
SHA512

2bdf3c0a0c7837d77ac49109cb6c53e23d3a0c82dbbef828bf2946d9b45f4837932e110b6018f3b2a94e0800fa746c2f17b32da1c472950f597cdbb2d2e2ecbd
SSDEEP

3072:0uT4aFwKEju9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzv:0uxFwKEju9Ry9RuXqW4SzUHmLKeMMU7K

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  72803412d2d41460ba56668903b8182b
- Size
  
  144KB
- MD5
  
  72803412d2d41460ba56668903b8182b
- SHA1
  
  8324dcd408282252182731b6b2b2029d72c1be07
- SHA256
  
  9b683b877649d594662976754c73d964d56d422ed4b40e695ddaa095c661f778
- SHA512
  
  2bdf3c0a0c7837d77ac49109cb6c53e23d3a0c82dbbef828bf2946d9b45f4837932e110b6018f3b2a94e0800fa746c2f17b32da1c472950f597cdbb2d2e2ecbd
- SSDEEP
  
  3072:0uT4aFwKEju9Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzv:0uxFwKEju9Ry9RuXqW4SzUHmLKeMMU7K
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2