General

  • Target

    download.dat (1).ps1

  • Size

    3KB

  • Sample

    230530-j1fz7agg2y

  • MD5

    9f3b3f3c8e27fd5a3b6da453ea05ab64

  • SHA1

    bb091298a548a7e6415908200bcafaa46f4a2a1d

  • SHA256

    e256710a69172b77abe095ad5dc4b7b900f306da16c8a34f994b51d503037c68

  • SHA512

    4b7c7c48589f54132dcbc047a19dc827a2983e9c5c8aa0e5c8d596af05e0e486b7ca2f96d795c197591ba1c27121983d8811be3177bef2492cc3439d143d6661

Score
8/10

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 3

  • Process Discovery (T1057): 1