cb794dfc1d7ae658e97cd6106ed352a7ea1b223dc3b6fd11e741a0a152037e67 | Triage

Sharing

General

Target

cb794dfc1d7ae658e97cd6106ed352a7ea1b223dc3b6fd11e741a0a152037e67
Size

1KB
Sample

220725-f4x64agfdk
MD5

a70ad591796a3bd4ca51c1b1be6faa7f
SHA1

09626af0ab0618c75027bb49fe2e98fd8380a2f4
SHA256

cb794dfc1d7ae658e97cd6106ed352a7ea1b223dc3b6fd11e741a0a152037e67
SHA512

85c920fc5443569f757f2832cbd64476d75b9b6d9cc875747a3bca4e6635b760abb81f7aaa4a93a27c77288dd2bd4002fd06610585beb47e57981153838f8ecd

Score

10^/10

suricata

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.dropbox.com/s/edlv7qj0eo2pct6/obi.exe?dl=1

Targets

- Target
  
  cb794dfc1d7ae658e97cd6106ed352a7ea1b223dc3b6fd11e741a0a152037e67
- Size
  
  1KB
- MD5
  
  a70ad591796a3bd4ca51c1b1be6faa7f
- SHA1
  
  09626af0ab0618c75027bb49fe2e98fd8380a2f4
- SHA256
  
  cb794dfc1d7ae658e97cd6106ed352a7ea1b223dc3b6fd11e741a0a152037e67
- SHA512
  
  85c920fc5443569f757f2832cbd64476d75b9b6d9cc875747a3bca4e6635b760abb81f7aaa4a93a27c77288dd2bd4002fd06610585beb47e57981153838f8ecd
Score

10^/10

suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2