ca58b0dff040d2c521a7da233d1ce6cb227690eed914efd233b295ce4cd8724e | Triage

Sharing

General

Target

c9a4f6ea0686178e90b4f9b8a2064402
Size

138KB
Sample

240314-z514xsfe2w
MD5

c9a4f6ea0686178e90b4f9b8a2064402
SHA1

f1a53a8ffe06168351e8a6244f817d365021ed23
SHA256

ca58b0dff040d2c521a7da233d1ce6cb227690eed914efd233b295ce4cd8724e
SHA512

e420254b7d60ad0b2d684703d57a5e60edaedc1e48c8f0b3082d68032951d8e3e2c88c8604879e7d2bb0f86bd2610d28c740abe4eefe73938f58645e74d54fdb
SSDEEP

3072:gP3Liw5EqkrcwcESOP7esaIAyUK6Dg/alXpW:gP3L5KEO3aIv76PW

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://erzurum.us/65376345273497600381/tjTyjrjywrdmJoaaenvF/dll/assistant.php

Targets

- Target
  
  c9a4f6ea0686178e90b4f9b8a2064402
- Size
  
  138KB
- MD5
  
  c9a4f6ea0686178e90b4f9b8a2064402
- SHA1
  
  f1a53a8ffe06168351e8a6244f817d365021ed23
- SHA256
  
  ca58b0dff040d2c521a7da233d1ce6cb227690eed914efd233b295ce4cd8724e
- SHA512
  
  e420254b7d60ad0b2d684703d57a5e60edaedc1e48c8f0b3082d68032951d8e3e2c88c8604879e7d2bb0f86bd2610d28c740abe4eefe73938f58645e74d54fdb
- SSDEEP
  
  3072:gP3Liw5EqkrcwcESOP7esaIAyUK6Dg/alXpW:gP3L5KEO3aIv76PW
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2