9d8af568b0657ff10c735bce816033ce6f844aed1879f94ab6e1fee8a8da3677 | Triage

Sharing

General

Target

8e44eb8b76e7cfe54abc30226f76b61f
Size

950B
Sample

240204-flpf8scdak
MD5

8e44eb8b76e7cfe54abc30226f76b61f
SHA1

84bb3650430163978ef1918ba6edaee9a7705389
SHA256

9d8af568b0657ff10c735bce816033ce6f844aed1879f94ab6e1fee8a8da3677
SHA512

22bef15c37064a79bcaaca8648b7b52c221fb25b51473a52bf2ec5804c7f2927733183a9e676572b749bef073c733b47cbc08a1c23e462da879b671923c5bc0c

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://transfer.sh/1kqpOIu/bypass.txt

Targets

- Target
  
  8e44eb8b76e7cfe54abc30226f76b61f
- Size
  
  950B
- MD5
  
  8e44eb8b76e7cfe54abc30226f76b61f
- SHA1
  
  84bb3650430163978ef1918ba6edaee9a7705389
- SHA256
  
  9d8af568b0657ff10c735bce816033ce6f844aed1879f94ab6e1fee8a8da3677
- SHA512
  
  22bef15c37064a79bcaaca8648b7b52c221fb25b51473a52bf2ec5804c7f2927733183a9e676572b749bef073c733b47cbc08a1c23e462da879b671923c5bc0c
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2