796487441f410b915e434218cf6f2fffa867a70cb1e4f4357ce3e5dec116ef85 | Triage

Sharing

General

Target

981daf3350bc6831a06535cfad44d4b2
Size

133KB
Sample

231222-qccfesdgel
MD5

981daf3350bc6831a06535cfad44d4b2
SHA1

7e9a234a61f1a64cb87ca9eef3cc27e39d8306b1
SHA256

796487441f410b915e434218cf6f2fffa867a70cb1e4f4357ce3e5dec116ef85
SHA512

a151cada36b386aa83ed7a875657615b3a3cca2a8ccdc9e231b55558f1e5347fd04cbf40ec8253001bc2f61e3fa20cb4dbd60d96866627988bd6d64a8b37a96c
SSDEEP

3072:0kOBFat5SfZL1y0s09SBzb83XIIUwXSVhnBSfL822iwWcDM9OM6PL2NZ/rrzSQVx:0kOBFat5zFZXL2NZ2QuwqkKIX

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://quickdrive.ae/js/JS000082510952000/dll/assistant.php

Targets

- Target
  
  981daf3350bc6831a06535cfad44d4b2
- Size
  
  133KB
- MD5
  
  981daf3350bc6831a06535cfad44d4b2
- SHA1
  
  7e9a234a61f1a64cb87ca9eef3cc27e39d8306b1
- SHA256
  
  796487441f410b915e434218cf6f2fffa867a70cb1e4f4357ce3e5dec116ef85
- SHA512
  
  a151cada36b386aa83ed7a875657615b3a3cca2a8ccdc9e231b55558f1e5347fd04cbf40ec8253001bc2f61e3fa20cb4dbd60d96866627988bd6d64a8b37a96c
- SSDEEP
  
  3072:0kOBFat5SfZL1y0s09SBzb83XIIUwXSVhnBSfL822iwWcDM9OM6PL2NZ/rrzSQVx:0kOBFat5zFZXL2NZ2QuwqkKIX
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2