6af02d867cca71be8a87383d128c50dc20900cf700400614bc164dc2024e1f81 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6af02d867cca71be8a87383d128c50dc20900cf700400614bc164dc2024e1f81
Size

6KB
Sample

240410-m9pkgade83
MD5

94515fb8d1628b442fcf7627355894dc
SHA1

f396bf8c24225af66895b760b1b0a117b3237078
SHA256

6af02d867cca71be8a87383d128c50dc20900cf700400614bc164dc2024e1f81
SHA512

e440a63087ffd9346f14122fd55db0cb790256dc2cf8e5ede513645cf63c9d5954b7182e909619e74fb8cd0fa4a6b7c2dbbba40114008c3e382384fb8289c561
SSDEEP

192:85tffEjIAjoud8So55oChD4ARU0ffosyZOLhDRjzf4oU8LL4SosOhYhz9TosOhCf:sKX

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://mountainandsea.online/api/filed

Targets

- Target
  
  6af02d867cca71be8a87383d128c50dc20900cf700400614bc164dc2024e1f81
- Size
  
  6KB
- MD5
  
  94515fb8d1628b442fcf7627355894dc
- SHA1
  
  f396bf8c24225af66895b760b1b0a117b3237078
- SHA256
  
  6af02d867cca71be8a87383d128c50dc20900cf700400614bc164dc2024e1f81
- SHA512
  
  e440a63087ffd9346f14122fd55db0cb790256dc2cf8e5ede513645cf63c9d5954b7182e909619e74fb8cd0fa4a6b7c2dbbba40114008c3e382384fb8289c561
- SSDEEP
  
  192:85tffEjIAjoud8So55oChD4ARU0ffosyZOLhDRjzf4oU8LL4SosOhYhz9TosOhCf:sKX
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2