b0f10f36c48387a3fbbc1b396f7303236760b6d57ad95fbecf342da704d42765 | Triage

Sharing

General

Target

doc4020616.zip.zip
Size

9KB
Sample

230522-kfz31afa79
MD5

77ac9b286b71887886ac89e84a6469c3
SHA1

a3e6a5d0eb0474cfd6df14be1d039eb13bb95665
SHA256

b0f10f36c48387a3fbbc1b396f7303236760b6d57ad95fbecf342da704d42765
SHA512

71cbb770c3c3afdbafa1c4b33f0d5dd706986f60b82924ba84044efde17c3bc7c50c8b26bb2b23660cec96093fa8021925589904ddf6c89e806914105bc03546
SSDEEP

192:qWUnIicnk3/o9Bz0KotLAqG9j8t2zT0Ti9WVftR7Vzjf3lqOo:qW/ij/4itLAqYCVJf7uOo

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://birikina.it/files/f2.ps1

Targets

- Target
  
  doc5807062.js
- Size
  
  30KB
- MD5
  
  84f30c9f68eb9df230a92d50532e6b93
- SHA1
  
  b706578b34af6355875f6516f6dda21a9a89d05a
- SHA256
  
  8981962682144d426e43a7f9b7b4061a9e946aab5928fe7b7bc3cc0becae2a5e
- SHA512
  
  cf4df5a0d29a6cf44e1f1800124ca615b93ac0901c2c113e0c5245391d206a892bd1b49685aa72febedffc8cb96356b6314a4be3b367d2a8de5d7094a1ceb29a
- SSDEEP
  
  384:iOopEC7fIZ4SuzwUfxm1VH1dnFES6aT3IBmfgjgMB7AKeR+:iOI7f7xm1ZbnF/4BOMxAR+
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1