6a664c1f202138b90577612d248c93071f58a5b41a7db4c0c8f241df927bf6c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2344684309d996745143e20098ef39cb
Size

897B
Sample

231231-b619baadg8
MD5

2344684309d996745143e20098ef39cb
SHA1

42ab7067d1ba7e966abb876888f7dd60ab64ffed
SHA256

6a664c1f202138b90577612d248c93071f58a5b41a7db4c0c8f241df927bf6c0
SHA512

d1121e99d7b209c4c86d9b12a9578946b65daf589793d79334bf4b5dd7b781ba75e91dcce8f337dd2098c7ca6986cbf1f9732a86bb9c7eb16845208b5d2215f5

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://transfer.sh/17VfkkC/bypass.txt

Targets

- Target
  
  2344684309d996745143e20098ef39cb
- Size
  
  897B
- MD5
  
  2344684309d996745143e20098ef39cb
- SHA1
  
  42ab7067d1ba7e966abb876888f7dd60ab64ffed
- SHA256
  
  6a664c1f202138b90577612d248c93071f58a5b41a7db4c0c8f241df927bf6c0
- SHA512
  
  d1121e99d7b209c4c86d9b12a9578946b65daf589793d79334bf4b5dd7b781ba75e91dcce8f337dd2098c7ca6986cbf1f9732a86bb9c7eb16845208b5d2215f5
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2