a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16 | Triage

Sharing

General

Target

4ae071a407c0054c1a549457a67151f9
Size

731B
Sample

240108-jt7jkadhep
MD5

4ae071a407c0054c1a549457a67151f9
SHA1

f5843409f2fff10d686aa75df94f78b1121df6ef
SHA256

a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16
SHA512

16f066c527dc075ae959659d7f2920bf69428d64742b14fec8974ab88a4083494961a87b94713a88a6fa17ee452d8a934b19e114f60094e02b0bded5244ec425

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://transfer.sh/1awqNEs/bypass.txt

Targets

- Target
  
  4ae071a407c0054c1a549457a67151f9
- Size
  
  731B
- MD5
  
  4ae071a407c0054c1a549457a67151f9
- SHA1
  
  f5843409f2fff10d686aa75df94f78b1121df6ef
- SHA256
  
  a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16
- SHA512
  
  16f066c527dc075ae959659d7f2920bf69428d64742b14fec8974ab88a4083494961a87b94713a88a6fa17ee452d8a934b19e114f60094e02b0bded5244ec425
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2