fcdaa801a02c05faa8e09a1abb75ab4b8b4a57e1d097cc5feb63b95280230e5c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x.png
Size

62KB
Sample

240426-yb68eabe7z
MD5

d2e9de8671fd61605ff5f8b8f3249d6b
SHA1

38dc0accb9c561c4f2ed9cc565f73a09eb84e81c
SHA256

fcdaa801a02c05faa8e09a1abb75ab4b8b4a57e1d097cc5feb63b95280230e5c
SHA512

413abbf5eb1a19fec41bbf31cfa524a8c88f049ae624c2b8f8cd40b3dc6ca37b99a45e74cfcb3422bee104e218ebc6b3d38f22b5b9afbd967545aa862b15a106
SSDEEP

1536:y9V9A9J9v9/9U9U9v9U9c9A9m9v9/9U9U9v9U9v:U

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://77.221.151.31/a/a.png

Targets

- Target
  
  0x.png
- Size
  
  62KB
- MD5
  
  d2e9de8671fd61605ff5f8b8f3249d6b
- SHA1
  
  38dc0accb9c561c4f2ed9cc565f73a09eb84e81c
- SHA256
  
  fcdaa801a02c05faa8e09a1abb75ab4b8b4a57e1d097cc5feb63b95280230e5c
- SHA512
  
  413abbf5eb1a19fec41bbf31cfa524a8c88f049ae624c2b8f8cd40b3dc6ca37b99a45e74cfcb3422bee104e218ebc6b3d38f22b5b9afbd967545aa862b15a106
- SSDEEP
  
  1536:y9V9A9J9v9/9U9U9v9U9c9A9m9v9/9U9U9v9U9v:U
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2