28fff67a5ec01a9ccd4c5101cdfeaa2a714d90322b39a5b5be4cb48e4ff78ea2 | Triage

Sharing

General

Target

562348e8dbd71f796420599713c73c02.exe
Size

144KB
Sample

230317-xgxeqahe94
MD5

562348e8dbd71f796420599713c73c02
SHA1

b21c5a26d2a3d7bb06d946397540de919e7acd64
SHA256

28fff67a5ec01a9ccd4c5101cdfeaa2a714d90322b39a5b5be4cb48e4ff78ea2
SHA512

1ea1dd6ba499830eed943a231b16ac6f7d288d6fc8d4bffed3b0336ee14ba4a9e221d796636a2c19c0aa5f501a2b91366c8600d478ed7e2832638c6e459b3188
SSDEEP

3072:OBkoDOa0GfjuYQWOd1nfS9KlTHSsq+dzplmKzBfcnhHKMISCVN/Q:/Vq+pluMMCn/

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://kialux.com/images/operator/debug2.ps1

Targets

- Target
  
  562348e8dbd71f796420599713c73c02.exe
- Size
  
  144KB
- MD5
  
  562348e8dbd71f796420599713c73c02
- SHA1
  
  b21c5a26d2a3d7bb06d946397540de919e7acd64
- SHA256
  
  28fff67a5ec01a9ccd4c5101cdfeaa2a714d90322b39a5b5be4cb48e4ff78ea2
- SHA512
  
  1ea1dd6ba499830eed943a231b16ac6f7d288d6fc8d4bffed3b0336ee14ba4a9e221d796636a2c19c0aa5f501a2b91366c8600d478ed7e2832638c6e459b3188
- SSDEEP
  
  3072:OBkoDOa0GfjuYQWOd1nfS9KlTHSsq+dzplmKzBfcnhHKMISCVN/Q:/Vq+pluMMCn/
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2