d1eb721388bb40bd56835aaea683b2505a429b5fcfdb649be066a7e8e946c1a8 | Triage

Sharing

General

Target

bc702297b8a3200525adca0d25e2d57d
Size

111KB
Sample

240309-wg71saea54
MD5

bc702297b8a3200525adca0d25e2d57d
SHA1

95582f2110f2d736ae639656bdb4debe95752857
SHA256

d1eb721388bb40bd56835aaea683b2505a429b5fcfdb649be066a7e8e946c1a8
SHA512

72d39ddee3cd907c20f85bc2a542f36f2059ec0d1635522b5e380f502c7c1bf96460379ae87fa2c6e5b28c6cee762acc611670acaad86af1c63bead62ad31e80
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXR:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGk

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  bc702297b8a3200525adca0d25e2d57d
- Size
  
  111KB
- MD5
  
  bc702297b8a3200525adca0d25e2d57d
- SHA1
  
  95582f2110f2d736ae639656bdb4debe95752857
- SHA256
  
  d1eb721388bb40bd56835aaea683b2505a429b5fcfdb649be066a7e8e946c1a8
- SHA512
  
  72d39ddee3cd907c20f85bc2a542f36f2059ec0d1635522b5e380f502c7c1bf96460379ae87fa2c6e5b28c6cee762acc611670acaad86af1c63bead62ad31e80
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXR:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGk
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2