284ffbbe6850f5d4da7c2f9c9525f72fb28162b1246b9983ab36c09444d272c6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Red.bat
Size

531KB
Sample

240119-qyjrmafadj
MD5

2ddba9b9f4c54da7c0dd69182e9632a4
SHA1

aa2a9e910a9f79bf4cf773a008089d802a8c5ea5
SHA256

284ffbbe6850f5d4da7c2f9c9525f72fb28162b1246b9983ab36c09444d272c6
SHA512

10c30642d0a0abed568c323b5a0af2c102bcad35bd1f936eb8f896d391321aa420f8c7a17ee4fc9f9bc1118b75a86ee8c0eb973125d929eafed8c54e70069903
SSDEEP

12288:IezDMeZkl9He/RFdj97JjVtli/w3i9ZrE0dqZuKZU0s4fFWb71/Lm/h7W9a0HFeT:JnMeWU/LuDfM

Score

7^/10

Malware Config

Targets

- Target
  
  Red.bat
- Size
  
  531KB
- MD5
  
  2ddba9b9f4c54da7c0dd69182e9632a4
- SHA1
  
  aa2a9e910a9f79bf4cf773a008089d802a8c5ea5
- SHA256
  
  284ffbbe6850f5d4da7c2f9c9525f72fb28162b1246b9983ab36c09444d272c6
- SHA512
  
  10c30642d0a0abed568c323b5a0af2c102bcad35bd1f936eb8f896d391321aa420f8c7a17ee4fc9f9bc1118b75a86ee8c0eb973125d929eafed8c54e70069903
- SSDEEP
  
  12288:IezDMeZkl9He/RFdj97JjVtli/w3i9ZrE0dqZuKZU0s4fFWb71/Lm/h7W9a0HFeT:JnMeWU/LuDfM
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2