General
Target
6d63c7a6-189a-486a-8fed-2bafc6784163.zip
Size
124KB
Sample
220602-1ay7hsffap
MD5
546b7557b6cf548a0b4979ae0a60c896
SHA1
19970bdd324107c487156393b58ab773bbc447f6
SHA256
8ea25999fe93b84c817faa74af0ad94f0c0064d8e28fba5fea17665c38695430
SHA512
10ffc893ff5f4692da67c10d5cae7bd1a4d6cecc8904eab631c710397427c1311fe65d019f343126062f10d6feb4916f6f1ff8e067306032f14ef769a14278a2
Static task
static1
Behavioral task
behavioral1
Sample
1728.ps1
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1728.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Scan_282.jpg.lnk
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Scan_282.jpg.lnk
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
1728.ps1
Size
150KB
MD5
732ac4665887f90ad5d320f0e462fce8
SHA1
31cb6f21e3d2f50713163163d665053f83bb5bb4
SHA256
3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731
SHA512
8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849
Score: 10/10
DoubleBack x64 Payload
Blocklisted process makes network request
Target
Scan_282.jpg.lnk
Size
1KB
MD5
371924fdfffd4ca69857e94260c34a74
SHA1
2a1dc23c24010a8b5ef3b512ea3e3c6d2f52a44b
SHA256
801086851a46749a95efc050102fb85b761c0ccb191dfd29ff39c6b7cacb6292
SHA512
f9cbf21c27cf3473a2b73141dfd728d9d8824d20afc24f4b4b93ca5bf9536bd594c7a6d4100be2a2fc9c8e4b85b9dcf9797f61f60267128ea31cb44bfb43aba0
Score: 10/10
DoubleBack x64 Payload
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.