481b25f284855a274a92340e286a9e906ba508f64b0f3cf86f761d8eeaa74ecc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9441ec1ae32fb1540474084ed65caa1
Size

429KB
Sample

240314-wp3q2aba6s
MD5

c9441ec1ae32fb1540474084ed65caa1
SHA1

a3ac944b19a7a66144874a687de3f2bf76bd1942
SHA256

481b25f284855a274a92340e286a9e906ba508f64b0f3cf86f761d8eeaa74ecc
SHA512

ac714da45a8e07f142717c5d20ac2512449f93a85397487b06373f883802717c38b89974a03f1a2e9d64242d22b3ba9247039565a5f8d83b8fa4132b5dba3bfb
SSDEEP

6144:0Xt/0Do6OkTt9wP4FulH7qIt55cdo/b+RPYISRl+PYOiv72eI3XMiB739yoKLhKR:0Xt8DoyBIPEHyIalUUlIsiN39KUR

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://jolantagraban.pl/log/57843441668980/dll/assistant.php

Targets

- Target
  
  c9441ec1ae32fb1540474084ed65caa1
- Size
  
  429KB
- MD5
  
  c9441ec1ae32fb1540474084ed65caa1
- SHA1
  
  a3ac944b19a7a66144874a687de3f2bf76bd1942
- SHA256
  
  481b25f284855a274a92340e286a9e906ba508f64b0f3cf86f761d8eeaa74ecc
- SHA512
  
  ac714da45a8e07f142717c5d20ac2512449f93a85397487b06373f883802717c38b89974a03f1a2e9d64242d22b3ba9247039565a5f8d83b8fa4132b5dba3bfb
- SSDEEP
  
  6144:0Xt/0Do6OkTt9wP4FulH7qIt55cdo/b+RPYISRl+PYOiv72eI3XMiB739yoKLhKR:0Xt8DoyBIPEHyIalUUlIsiN39KUR
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2