General

  • Target

    8db3b9_408b52dd81ad428db256ba35835b2ee7.txt?dn=asdoawkdajicqujwdi

  • Size

    47KB

  • Sample

    220425-1fklbahgak

  • MD5

    2092518be62aac4a29f7b0ea4b8c2cfc

  • SHA1

    865b1e2489deb46e64b1d8627a2e43a92779a70e

  • SHA256

    e2326b2253bcd8b140ffc210096602764a303573fa1f2b9dd801bd8a06b157bc

  • SHA512

    f5ff6e2db41f6a911c0ad3646eb6ee96dc618ab5c0d3070508d2df39c3895a85fd27f0ea728c2e117e45912f89c10c623bf807add84b8c47bcdf74b7c11bd837

Score
8/10

Targets

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
