74069ec92a4bc310375ce80bd05d9e2e9ce909950a2a577f02d81c5809667a5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8dd39b460bcdd60e9f29243845a4f379
Size

98KB
Sample

240204-bdpptadgd6
MD5

8dd39b460bcdd60e9f29243845a4f379
SHA1

52de24ba83af1b0e83d841498933314ca31d1fe2
SHA256

74069ec92a4bc310375ce80bd05d9e2e9ce909950a2a577f02d81c5809667a5e
SHA512

3b711cd5ccf55045662ec33f89b221532325629bb571512337efe8d49cda7ea48ee42e6d52a984538c8704285432d69b3a2910ea5114a436896939f6d17ea23a
SSDEEP

3072:MH+ihBFL/iOh59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5e:MH+ihBFzh59Ry9RuXqW4SzUHmLKeMMUJ

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  8dd39b460bcdd60e9f29243845a4f379
- Size
  
  98KB
- MD5
  
  8dd39b460bcdd60e9f29243845a4f379
- SHA1
  
  52de24ba83af1b0e83d841498933314ca31d1fe2
- SHA256
  
  74069ec92a4bc310375ce80bd05d9e2e9ce909950a2a577f02d81c5809667a5e
- SHA512
  
  3b711cd5ccf55045662ec33f89b221532325629bb571512337efe8d49cda7ea48ee42e6d52a984538c8704285432d69b3a2910ea5114a436896939f6d17ea23a
- SSDEEP
  
  3072:MH+ihBFL/iOh59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5e:MH+ihBFzh59Ry9RuXqW4SzUHmLKeMMUJ
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2