General

  • Target

    Anarchy Panel 4.7.zip

  • Size

    5.8MB

  • Sample

    230625-lew6dsee8w

  • MD5

    2bedc38f45cbd88a2a617f92c92d43b5

  • SHA1

    576ecdf132b66992b55a3f3986405209e150d989

  • SHA256

    5e840076dd200bff8e6a9f2abb94ea13196564c6d60e436d0c84cc148bce1b9a

  • SHA512

    11a7e00f306fb9b982b10c351a75c273fff89cd841a94a37c04e9894797560d59f52634a3efca83b65007e76aaba09c9e6a5bde6c8e982f89565405051188cc8

  • SSDEEP

    98304:QiX4/DxrPgnwaD84Qux2keP3FTU12QoqUVve8OnPeu2MFoW2bt//yQO5+HCpko0+:QP/DawaD84zxmP31mshOnPe5MFQ/TH67

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    https://rentry.org/nipkv/raw

Targets

    • Target

      Anarchy Panel 4.7/Anarchy Panel.exe

    • Size

      71KB

    • MD5

      921b80699829ba456a35ff4a4cc16861

    • SHA1

      f01420e7dd677d50763c8344d33549076734682a

    • SHA256

      a94809a32eb1cee1f9490410fe9592790fe00802c620b1b881fb0c8815b1efba

    • SHA512

      a8d2650a9f7290ddaff5c0b1a842cfd4f473f91f23fc8d7f07294c528eb98cca63a48a5f5552c4bf33465f59b9f74fbc3c9d783064e927e8974ca316893c2bf1

    • SSDEEP

      384:A67eCgMkHDsar3lL9O65uJor+1kKQmQhVXZzyM9MpPYAhk5:AFla6/wmhrV2pL

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks