ed82db73804000b91578b23399b7a2b3531b1c656c135c69c93301818d27d272 | Triage

Sharing

General

Target

AltiumWare.zip
Size

5.4MB
Sample

230524-jmtdcsbd33
MD5

c32013b7c1d008e6ea40aceadca50c1e
SHA1

74ee8996be4c8f653f8abf8ad1309bf7cbeca9b3
SHA256

ed82db73804000b91578b23399b7a2b3531b1c656c135c69c93301818d27d272
SHA512

58d6f9cec322d7de169b79e81542f8ec2072adf5aa77c0420e66067a9b38afdbf7caa7c5f8ddc0c5b2d26e388800d4c1c73b7f6b75382a9e6f2fa8e20980b277
SSDEEP

98304:L4BXkTe66hE4NodOeqZXp6bW6sh/ma9/FFsRgVhEUm+e4uuMcHXzoGUoZRcge:zh6hakX4bTEXFsRgVWYXzoGWge

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://rentry.org/9mn9p/raw

Targets

- Target
  
  AltiumWare/AltiumWare.exe
- Size
  
  74KB
- MD5
  
  68bf941caeb51e05927d1f1ad077d0a3
- SHA1
  
  a47bf9a936106b1b72d0533f7ea37216d1364f4a
- SHA256
  
  7c26bdd8f3b2868b4f10650704f4ef46d79a67acc392d536b73eb55cdd416f43
- SHA512
  
  b510bedafff3683112694631efaa691594844867ec11ded37d70e538106b899df6c57b44ac68c8e2d64e2060f53ebf0c8b0792e6fbc241c0f085a87ac9408f48
- SSDEEP
  
  768:Voo9JvGhCbxbbcaqc4NoacavNt/HcLngIoDSacHl7Enrwy/Gd2dfqAstDpm+a/nz:qo9JOyGsnljs71VQL
Score

10^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1