0442f029601c5925d346260e512770beb5a9a28ef4ac9e2da5d1b0e7d27341a6 | Triage

Sharing

General

Target

55e020dbea48939cdd285ea106713f40bc077e2c
Size

43KB
Sample

230104-qgkbtsbc7w
MD5

cd8ce0411e414f67fa7e34b06004314f
SHA1

55e020dbea48939cdd285ea106713f40bc077e2c
SHA256

0442f029601c5925d346260e512770beb5a9a28ef4ac9e2da5d1b0e7d27341a6
SHA512

322b0c0a1166f392150d46f529ab3475954b5255f955e893bffc49c61865a2f953dc3dd598ca13f9954b61fa79bea797ec7e740ab7cab48d6d5dda08d9631e03
SSDEEP

768:4aPlutIv0NmQCjO2rpReJk3zBE5kxuALjWV+yLFz9ohcqJ8H:uK1j1syDaVh9onKH

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://159.203.143.66/r/

Targets

- Target
  
  55e020dbea48939cdd285ea106713f40bc077e2c
- Size
  
  43KB
- MD5
  
  cd8ce0411e414f67fa7e34b06004314f
- SHA1
  
  55e020dbea48939cdd285ea106713f40bc077e2c
- SHA256
  
  0442f029601c5925d346260e512770beb5a9a28ef4ac9e2da5d1b0e7d27341a6
- SHA512
  
  322b0c0a1166f392150d46f529ab3475954b5255f955e893bffc49c61865a2f953dc3dd598ca13f9954b61fa79bea797ec7e740ab7cab48d6d5dda08d9631e03
- SSDEEP
  
  768:4aPlutIv0NmQCjO2rpReJk3zBE5kxuALjWV+yLFz9ohcqJ8H:uK1j1syDaVh9onKH
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2