c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf | Triage

Sharing

General

Target

c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf
Size

247KB
Sample

231013-1fc68sdd59
MD5

f17afa21e88b7a362db5ae8fdfa43de9
SHA1

14b024dfe1f9aa6eb88bc7e2215e4877c92cc01e
SHA256

c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf
SHA512

efbdcd1c0fb91cb15de2935ed500fb0f9a8b3ef1491e9823850e97451348cd3a170bc0ad3c84086438508f7280f100a33ff8299a7de64093129b2d7ea83b8e0d
SSDEEP

3072:98iTSP3d1hp5xnAs03vx54qylRs8crPGjl5mS3qI79TPJvLCw8DSmfNKgAiNNrc4:90zl37r79h2DSm1SgAOmhzN+

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://aszfiltration.com/storage/files/debug2.ps1

Targets

- Target
  
  c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf
- Size
  
  247KB
- MD5
  
  f17afa21e88b7a362db5ae8fdfa43de9
- SHA1
  
  14b024dfe1f9aa6eb88bc7e2215e4877c92cc01e
- SHA256
  
  c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf
- SHA512
  
  efbdcd1c0fb91cb15de2935ed500fb0f9a8b3ef1491e9823850e97451348cd3a170bc0ad3c84086438508f7280f100a33ff8299a7de64093129b2d7ea83b8e0d
- SSDEEP
  
  3072:98iTSP3d1hp5xnAs03vx54qylRs8crPGjl5mS3qI79TPJvLCw8DSmfNKgAiNNrc4:90zl37r79h2DSm1SgAOmhzN+
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2