5b9e9a6759f84e1bd334f9421e180b51cf188e6ec2a5dc1f4445f238c013b226

General

Target

Dekontu.rar
Size

960B
Sample

240502-hbe6xsde94
MD5

a1f4e3f09a53b76dd7f5b8f0264c7072
SHA1

5ae803deb55b38b78e8ebe945cb9ec17dd62b602
SHA256

5b9e9a6759f84e1bd334f9421e180b51cf188e6ec2a5dc1f4445f238c013b226
SHA512

516541993b3bc4cd736b79e595017e1dd29d59f67504c9ef604234a2deddf05da9c980628e0651107dbc2f8e15229010d237babc558d9ecc706d59bcecec113c

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://requimacofradian.site/srtyuyussertgsdhsrtehtdyhdrydfkrgfrukydjedyjedeyj/dyirtysthstudfyiufdhsdgfjdfyuikfudfyhsdrwrqerregrytrautrsuy/fsbgfshwtjyehstwyeuysryysiuijdydjyttdtaratrtre/Grtdy.pif

Targets

- Target
  
  Dekontu/Dekontu.lnk.lnk
- Size
  
  2KB
- MD5
  
  cb958910e643b506770ffd61abc0d2dd
- SHA1
  
  4d57d11249ea675c01e15d0b40c3b9283e54936b
- SHA256
  
  ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9
- SHA512
  
  caa151588a234ffc2c9c87500e49484ad0b5d8b4853e5a2c95e22e29fa8b9712ff66e7c3f66e5db842548dee9237bbbfa2dc527ef2b5ca39eb371b4940603ca2
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2