1d70b27434446bd1fe5192238088cc83c8fcc685feaf00b266052f751c1077f9 | Triage

Sharing

General

Target

60c36da8d79f10579883b61cf32a995c
Size

175KB
Sample

231222-eqvclsedh4
MD5

60c36da8d79f10579883b61cf32a995c
SHA1

ba1b52e9dbfc3079b1d4b7c5d40c7d23d56df276
SHA256

1d70b27434446bd1fe5192238088cc83c8fcc685feaf00b266052f751c1077f9
SHA512

dc5f2c5d91717d36ace6052d3e6f0a9bcf15f932c02e70870f5fb0eec5525e2c4b3579abf345fca9efb4f1406f00cf0f2e1e4974f6dcdd72c5e5a627e05a99b1
SSDEEP

3072:0kOBFat5SfZL1y0s09SBzb83XIIUwXSVhnBSfL822iwWmiwCm6Y5RP+Lj5pggfih:0kOBFat5zziRbYX2X7ffiDU+QrWkuyG/

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://quickdrive.ae/js/JS000082510952000/dll/assistant.php

Targets

- Target
  
  60c36da8d79f10579883b61cf32a995c
- Size
  
  175KB
- MD5
  
  60c36da8d79f10579883b61cf32a995c
- SHA1
  
  ba1b52e9dbfc3079b1d4b7c5d40c7d23d56df276
- SHA256
  
  1d70b27434446bd1fe5192238088cc83c8fcc685feaf00b266052f751c1077f9
- SHA512
  
  dc5f2c5d91717d36ace6052d3e6f0a9bcf15f932c02e70870f5fb0eec5525e2c4b3579abf345fca9efb4f1406f00cf0f2e1e4974f6dcdd72c5e5a627e05a99b1
- SSDEEP
  
  3072:0kOBFat5SfZL1y0s09SBzb83XIIUwXSVhnBSfL822iwWmiwCm6Y5RP+Lj5pggfih:0kOBFat5zziRbYX2X7ffiDU+QrWkuyG/
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2