d1c53f8ba3f9a0e3961a7c0deae9f687e52bfa05c7830b08978b1a5013863bd1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3a9f2b3c58d26da94857d560663d7ae
Size

100KB
Sample

240312-sfrqmadg39
MD5

c3a9f2b3c58d26da94857d560663d7ae
SHA1

e2516116f4fea358057a0860f15508f1064cdbbd
SHA256

d1c53f8ba3f9a0e3961a7c0deae9f687e52bfa05c7830b08978b1a5013863bd1
SHA512

46247e8ce56c36705c215ce94f73ef8584a4b5b1fc061e03676de9115808e91acc20c4a06e5d24bc80626aefb270a57564cf955e0203fb8184d446d49f7f1ae8
SSDEEP

3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXH:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGU

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://smart-integrator.hr/pornhub.php

Targets

- Target
  
  c3a9f2b3c58d26da94857d560663d7ae
- Size
  
  100KB
- MD5
  
  c3a9f2b3c58d26da94857d560663d7ae
- SHA1
  
  e2516116f4fea358057a0860f15508f1064cdbbd
- SHA256
  
  d1c53f8ba3f9a0e3961a7c0deae9f687e52bfa05c7830b08978b1a5013863bd1
- SHA512
  
  46247e8ce56c36705c215ce94f73ef8584a4b5b1fc061e03676de9115808e91acc20c4a06e5d24bc80626aefb270a57564cf955e0203fb8184d446d49f7f1ae8
- SSDEEP
  
  3072:59Ry98guHVBqqg2bcruzUHmLKeMMU7GwbWBPwVGWl9SZ8kV8Gd5bzIvt/4g5eaXH:59Ry9RuXqW4SzUHmLKeMMU7GwWBPwVGU
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2