adcad18e1e03280010904fe1c5eb3defb5494d2c60073e74e8726f6902be43a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AtlasLoader.exe
Size

72KB
Sample

230520-pk1ybacb72
MD5

85282b0e12f73dcb8c106a8e3dae2e50
SHA1

5f41ddb3bcd8260eda76452de9d3f0c4288528ea
SHA256

adcad18e1e03280010904fe1c5eb3defb5494d2c60073e74e8726f6902be43a0
SHA512

bbff990506e28ae4861ba087801116ca0c85e58c42574e4d7593dda67aa7d3e1b1bed7dba73dbfb41b3d2a00485551cc1847da4bf51b5b11d016e04955ae51c6
SSDEEP

768:1tDIptIoDSacHl7Enrwy/Gd2dfqAstDpm+a/n38xDGJWPwyLgwupKLQdNf7a/uyW:bC4js71VQL

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://rentry.org/rc5se/raw

Targets

- Target
  
  AtlasLoader.exe
- Size
  
  72KB
- MD5
  
  85282b0e12f73dcb8c106a8e3dae2e50
- SHA1
  
  5f41ddb3bcd8260eda76452de9d3f0c4288528ea
- SHA256
  
  adcad18e1e03280010904fe1c5eb3defb5494d2c60073e74e8726f6902be43a0
- SHA512
  
  bbff990506e28ae4861ba087801116ca0c85e58c42574e4d7593dda67aa7d3e1b1bed7dba73dbfb41b3d2a00485551cc1847da4bf51b5b11d016e04955ae51c6
- SSDEEP
  
  768:1tDIptIoDSacHl7Enrwy/Gd2dfqAstDpm+a/n38xDGJWPwyLgwupKLQdNf7a/uyW:bC4js71VQL
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2