d424a08c1e1eac484c029a6ef4008bf991aebf26a86aa02fecd18ad60bb24a0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

498b038f610b49e31b24ac641a1010d4
Size

733B
Sample

240107-vfrrqsahcp
MD5

498b038f610b49e31b24ac641a1010d4
SHA1

d44a1e96a3ab5747705dbb242ab07e452e1ae9bb
SHA256

d424a08c1e1eac484c029a6ef4008bf991aebf26a86aa02fecd18ad60bb24a0f
SHA512

355352707e9638b3b3226c867d89d6dbacd6a8886a7f2ea3ccd280aedae78e3cbc86f0d3a89ef2c754959d4322fc635476c4358d8cf9b8175c42a659ba0d45c6

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://transfer.sh/get/1jmaVDV/model.txt

Targets

- Target
  
  498b038f610b49e31b24ac641a1010d4
- Size
  
  733B
- MD5
  
  498b038f610b49e31b24ac641a1010d4
- SHA1
  
  d44a1e96a3ab5747705dbb242ab07e452e1ae9bb
- SHA256
  
  d424a08c1e1eac484c029a6ef4008bf991aebf26a86aa02fecd18ad60bb24a0f
- SHA512
  
  355352707e9638b3b3226c867d89d6dbacd6a8886a7f2ea3ccd280aedae78e3cbc86f0d3a89ef2c754959d4322fc635476c4358d8cf9b8175c42a659ba0d45c6
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2