f240023089aeb390afb771116dcd81d753e1270a573caef7118be24ad3799762

General

Target

d122bf2d9b0225fab61da6ac2ea0cb8f58df8de0782c7e7d6d8683363e887f72.exe
Size

108KB
Sample

240126-n2ynvaedep
MD5

5a0002d2a22ceca62c674539b7454ae4
SHA1

8aebc5ca26daace2b5cef162500ffe515fc601e1
SHA256

f240023089aeb390afb771116dcd81d753e1270a573caef7118be24ad3799762
SHA512

083792c1e199deaa86fde46b5b788c50a1b8a3b6bed4493d509aaa5d6c75fad4a631e64e0bc717ec13628d7fc3250d92566a12c934e6c04b1ac5452adbe573a7
SSDEEP

1536:K7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIflAmOHk1xJ:oq6+ouCpk2mpcWJ0r+QNTBfl9e

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1061066335255273553/1065810266320814180/pixel_sides_very_good.mp3

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1061066335255273553/1065822549298126908/music.bat

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1061066335255273553/1065807657358856232/no.bat

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1061066335255273553/1065808951289065492/DO2.bat

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1061066335255273553/1065808951624597555/virus.exe

Targets

- Target
  
  d122bf2d9b0225fab61da6ac2ea0cb8f58df8de0782c7e7d6d8683363e887f72.exe
- Size
  
  108KB
- MD5
  
  5a0002d2a22ceca62c674539b7454ae4
- SHA1
  
  8aebc5ca26daace2b5cef162500ffe515fc601e1
- SHA256
  
  f240023089aeb390afb771116dcd81d753e1270a573caef7118be24ad3799762
- SHA512
  
  083792c1e199deaa86fde46b5b788c50a1b8a3b6bed4493d509aaa5d6c75fad4a631e64e0bc717ec13628d7fc3250d92566a12c934e6c04b1ac5452adbe573a7
- SSDEEP
  
  1536:K7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIflAmOHk1xJ:oq6+ouCpk2mpcWJ0r+QNTBfl9e
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2