50fcf5022198f2f611b9732106b0af419a7c8994af4217df664fe1cbd7cbeeec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a8738929c50a919ce92cfc454e8084a
Size

514KB
Sample

231230-b6fydadben
MD5

0a8738929c50a919ce92cfc454e8084a
SHA1

9988b0a684fc3a48036ec1ef9fc9bf91a72b2149
SHA256

50fcf5022198f2f611b9732106b0af419a7c8994af4217df664fe1cbd7cbeeec
SHA512

6d1364cbc2e58eba1dc72108de6c630489dc84cdea9efa70485ee576467f3eae397e91e83243134e2bbbd5a85aa97f964208c568c83369d6b260d09eb9bf1108
SSDEEP

6144:uYCswqQUr3Qq8Tl84KXU12VR2CL9QMKXNBCltFCNglYy9icYZJZ4r4Uy2MPut0Io:uYCswq9D966UU9iMltFaglfYZdwLY44

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://blomsterhuset-villaflora.dk/assistant.php

Targets

- Target
  
  0a8738929c50a919ce92cfc454e8084a
- Size
  
  514KB
- MD5
  
  0a8738929c50a919ce92cfc454e8084a
- SHA1
  
  9988b0a684fc3a48036ec1ef9fc9bf91a72b2149
- SHA256
  
  50fcf5022198f2f611b9732106b0af419a7c8994af4217df664fe1cbd7cbeeec
- SHA512
  
  6d1364cbc2e58eba1dc72108de6c630489dc84cdea9efa70485ee576467f3eae397e91e83243134e2bbbd5a85aa97f964208c568c83369d6b260d09eb9bf1108
- SSDEEP
  
  6144:uYCswqQUr3Qq8Tl84KXU12VR2CL9QMKXNBCltFCNglYy9icYZJZ4r4Uy2MPut0Io:uYCswq9D966UU9iMltFaglfYZdwLY44
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2