ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9

General

Target

ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9.lnk
Size

2KB
Sample

240503-mjebtace6y
MD5

cb958910e643b506770ffd61abc0d2dd
SHA1

4d57d11249ea675c01e15d0b40c3b9283e54936b
SHA256

ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9
SHA512

caa151588a234ffc2c9c87500e49484ad0b5d8b4853e5a2c95e22e29fa8b9712ff66e7c3f66e5db842548dee9237bbbfa2dc527ef2b5ca39eb371b4940603ca2

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://requimacofradian.site/srtyuyussertgsdhsrtehtdyhdrydfkrgfrukydjedyjedeyj/dyirtysthstudfyiufdhsdgfjdfyuikfudfyhsdrwrqerregrytrautrsuy/fsbgfshwtjyehstwyeuysryysiuijdydjyttdtaratrtre/Grtdy.pif

Targets

- Target
  
  ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9.lnk
- Size
  
  2KB
- MD5
  
  cb958910e643b506770ffd61abc0d2dd
- SHA1
  
  4d57d11249ea675c01e15d0b40c3b9283e54936b
- SHA256
  
  ee727b982417c3ddc89d37711aa1b1acde817db4a32837a55209a927245497c9
- SHA512
  
  caa151588a234ffc2c9c87500e49484ad0b5d8b4853e5a2c95e22e29fa8b9712ff66e7c3f66e5db842548dee9237bbbfa2dc527ef2b5ca39eb371b4940603ca2
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2