f974131c828bce47dc4ac13f200a2720adf2270f40d871daf24204f499ca3cd8 | Triage

Sharing

General

Target

010bf8fe8128591c079451129cc006ae
Size

6.8MB
Sample

231229-xlk79aedgk
MD5

010bf8fe8128591c079451129cc006ae
SHA1

d741d589fd196a7edf54cc5ffbdfcc821b491d62
SHA256

f974131c828bce47dc4ac13f200a2720adf2270f40d871daf24204f499ca3cd8
SHA512

f25050da99397aeb707ca3c51670abe8c7927d048ff8a08f6d2a17df066aff2778eac0760ff5f1caf641d5feb67f4ff4df64eb04bcd819ae69c11b7fb7db87f1
SSDEEP

98304:4e3lN+zl7pDS7iPttNrRMRCJhH/YikuZrzXg0CSvITM5t6jicXx4vRM:L33+TZRMRSp/YR4XgIbYLXx4q

Score

10^/10

pyinstaller

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://192.168.1.13/connect

Targets

- Target
  
  010bf8fe8128591c079451129cc006ae
- Size
  
  6.8MB
- MD5
  
  010bf8fe8128591c079451129cc006ae
- SHA1
  
  d741d589fd196a7edf54cc5ffbdfcc821b491d62
- SHA256
  
  f974131c828bce47dc4ac13f200a2720adf2270f40d871daf24204f499ca3cd8
- SHA512
  
  f25050da99397aeb707ca3c51670abe8c7927d048ff8a08f6d2a17df066aff2778eac0760ff5f1caf641d5feb67f4ff4df64eb04bcd819ae69c11b7fb7db87f1
- SSDEEP
  
  98304:4e3lN+zl7pDS7iPttNrRMRCJhH/YikuZrzXg0CSvITM5t6jicXx4vRM:L33+TZRMRSp/YR4XgIbYLXx4q
Score

10^/10

pyinstaller
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2