51fb189db1820ef138dd102477132b96ef5875a98d0f03be54e6e4e30458bc2b | Triage

Sharing

General

Target

3661cbaa14b2974e5f1c228da71b3375.bin
Size

119KB
Sample

230602-br8pvahf5z
MD5

552985d045de39f47924293b9da35b29
SHA1

99f11b300b96bc47bdfa5aac032e5a190f34e8b7
SHA256

51fb189db1820ef138dd102477132b96ef5875a98d0f03be54e6e4e30458bc2b
SHA512

d1676ce6006f23b9c55daa04898e02c540c621a775af511606c00a48bd45bad8c2dc6a5c15a71b45cf5d634deae5546739d057dd5528463e12f8f70999c7ada6
SSDEEP

3072:/iBrtDohX1XAhcvKRmzx4n/RqTDViNL+GLeMwm9nTQNY873G:/iBxYXhAiHzGpqTDQZLeMRZgt3G

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://transparenciacanaa.com.br/cidadejunina/js/vendor/debug2.ps1

Targets

- Target
  
  ada19cb4ac105d3455eb0c2f84fcc2d9cf4350e78e149a62304c90f978e72b7f.exe
- Size
  
  253KB
- MD5
  
  3661cbaa14b2974e5f1c228da71b3375
- SHA1
  
  2802749a624d8b66786988805aafabdc8b3c741e
- SHA256
  
  ada19cb4ac105d3455eb0c2f84fcc2d9cf4350e78e149a62304c90f978e72b7f
- SHA512
  
  a35ce1d9dbfa50bc40de1effea0aaa69a45613c0545b918dd3f710106d917764940241cbad829738519c78167db5f4705b8b682acf698d60c3d54329b0e39099
- SSDEEP
  
  3072:/jw74LtbRIpVtSxq3hJSaj0CqWuvSNImaZhljVLl7r8qi41j2m2FtHJjgBvFGhC4:M6hJVL5nt2FvUJFGhCWUyAOkgqk7
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2