28a5d796353975337f9263a5b7da20986b474e067fa8c97f1b76a316e8496609 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62d22d4474fd019533ac6cd0749e7685.bin
Size

23KB
Sample

240306-bvkr7agc86
MD5

99c5bd0bf3f3e38f18ca612977b200f3
SHA1

3d24f94d63a5a04b34ba0fd30b6c5f1cd12b3581
SHA256

28a5d796353975337f9263a5b7da20986b474e067fa8c97f1b76a316e8496609
SHA512

449ddea0dd39b971fb8460ebbc43de2133587333eedcacde9cf993892cf1a9d633a645240d76e9df8e8c29ba4d602154f2c71603459889cf5f62548cce1bcd93
SSDEEP

384:vb1t2erJEdILWm0T9xESJi5IPDbEJSFJxUDPGUdNcCmMjYwiJy:T2DdT3YibEYFJSrGeNcC5t

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Targets

- Target
  
  DE-14051405.js
- Size
  
  61KB
- MD5
  
  cfb018f98474eae2614454fdff0a4fef
- SHA1
  
  9a5d5939b4b8b8d300ba6744ad1e65ca4d08e168
- SHA256
  
  46cd6b34f7710afb89303715779a915f41f528b06189815b22672e80986d7916
- SHA512
  
  67527eb9cbab95f72533b8b4bc34d8ae693519a34bfc4d35fcf8e988fc1ae84fb02e9ad8d05487c9c665e699c271e6275c8c81638e08eec8d2f4669b646c505f
- SSDEEP
  
  1536:8+eeHSmKvhgEB3Eurt47NJLP6z6+S2te/fKpw6o11uf+DKP:zTo3EuWg9S2te/fKpw6Kw
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2