General

  • Target

    f17afa21e88b7a362db5ae8fdfa43de9.bin

  • Size

    118KB

  • Sample

    230917-c7ra6shf96

  • MD5

    a2f54007138666066c5f599d441a4091

  • SHA1

    568467049ac9e2e50c971b7e533133333644c8d7

  • SHA256

    b08f1a1b8feaf67cbae681acaacc46aedbd216586b51236e3181365ce6b488fe

  • SHA512

    6bc5ed6658116fb83c232002d8ab0e0bfc82586329f9750f64762148c4b65a73037e38d5fa1b0fce24de2be273267e1823cb465713930a7fe03763886ae71735

  • SSDEEP

    3072:H2FtLZBtswP4yvYpwZblMS2mbHwQCKWw41tnyswkP:H2fZswPfg/S2mbHdCBR1tnyswkP

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://aszfiltration.com/storage/files/debug2.ps1

Targets

    • Target

      c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf.exe

    • Size

      247KB

    • MD5

      f17afa21e88b7a362db5ae8fdfa43de9

    • SHA1

      14b024dfe1f9aa6eb88bc7e2215e4877c92cc01e

    • SHA256

      c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf

    • SHA512

      efbdcd1c0fb91cb15de2935ed500fb0f9a8b3ef1491e9823850e97451348cd3a170bc0ad3c84086438508f7280f100a33ff8299a7de64093129b2d7ea83b8e0d

    • SSDEEP

      3072:98iTSP3d1hp5xnAs03vx54qylRs8crPGjl5mS3qI79TPJvLCw8DSmfNKgAiNNrc4:90zl37r79h2DSm1SgAOmhzN+

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks