daba6aa332fac84534abce432c65388b1be0b2eb5cb19ac9220d519136a343d7 | Triage

Sharing

General

Target

daba6aa332fac84534abce432c65388b1be0b2eb5cb19ac9220d519136a343d7
Size

150KB
Sample

230308-mdrd7afc99
MD5

64d5a984c5d0fd74b729be5b52c00389
SHA1

4c5478bd5fd7b58b9c89cbf375ef0005f6807e2f
SHA256

daba6aa332fac84534abce432c65388b1be0b2eb5cb19ac9220d519136a343d7
SHA512

87f290f55d3096ac48c82e192b49b9ff3eefa4f3c2ac6592d38e084e8bd8fc7bdc24169265d0cbce20ad6d0767aef521215b33a7cfa763fe73d3adf9184afcbf
SSDEEP

3072:JeNBJK/n4QA8UTemqn0MrWGeogELKibPKZ9zW2dWFMh0khBYGCw92jqsFM8At6:JeOYZw2dBkk9sa8A6

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://houssagynecologue.com/assets/js/debug2.ps1

Targets

- Target
  
  daba6aa332fac84534abce432c65388b1be0b2eb5cb19ac9220d519136a343d7
- Size
  
  150KB
- MD5
  
  64d5a984c5d0fd74b729be5b52c00389
- SHA1
  
  4c5478bd5fd7b58b9c89cbf375ef0005f6807e2f
- SHA256
  
  daba6aa332fac84534abce432c65388b1be0b2eb5cb19ac9220d519136a343d7
- SHA512
  
  87f290f55d3096ac48c82e192b49b9ff3eefa4f3c2ac6592d38e084e8bd8fc7bdc24169265d0cbce20ad6d0767aef521215b33a7cfa763fe73d3adf9184afcbf
- SSDEEP
  
  3072:JeNBJK/n4QA8UTemqn0MrWGeogELKibPKZ9zW2dWFMh0khBYGCw92jqsFM8At6:JeOYZw2dBkk9sa8A6
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1