Resubmissions

03-02-2023 01:45

230203-b6fmlshg33 10

02-02-2023 21:18

230202-z5z7maba8z 10

02-02-2023 21:02

230202-zvr39sah6z 10

General

  • Target

    a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c.zip

  • Size

    943B

  • Sample

    230202-z5z7maba8z

  • MD5

    cdc031e5ba9bc2934c85c07e309fd785

  • SHA1

    68334c5368aebd16e4e9ded0793df489eb94ad3b

  • SHA256

    fe691ec7c2a992948fe3bdd861ef9c93e49521cc7a310fae87dd61704b73904f

  • SHA512

    82444bf09d2fc6c3553954ebcb7c1d66f5eff4ac08acd3d8d05c6c100da067e10841f60ecda8871b820d16f00d59bb3d6e59034344dd2d8234cb7cd991e7230c

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://oiartzunirratia.eus/install/clean/Lcovlccdxd.exe

Targets

    • Target

      a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c.lnk

    • Size

      2KB

    • MD5

      ef7f9739337bc657cd0a63e32e27d0a1

    • SHA1

      bf67555a7272f24ceb57b1c49e4cf37dc17b246f

    • SHA256

      a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c

    • SHA512

      e3d0a14ac1b9165e75e619aa6f76058a4c799bb722abaeafac977c35f31ab10ad8c8a51c7f3828bb896cbf339f971974a4fb26421ba6aea52530ac84b7785ada

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks