b90e93adc5ebfdd19103b5a60a61f20f5a570f8515ef4452e0936ab05a2e6773 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gorilla Gen2.2.bat
Size

902KB
Sample

240504-emj3gacf8v
MD5

038246f26192b6809d46ee6ef5d7513f
SHA1

d24cf7b542dce55f563e6addd677cc17990337fb
SHA256

b90e93adc5ebfdd19103b5a60a61f20f5a570f8515ef4452e0936ab05a2e6773
SHA512

5e2fbdc4c0cca49532d1cc03471da5972ee2973aa540859ca19781150d50e3071daf0678b4b4d7841beab2993a27a483c85a50dbc1f4868b613c7d86aeaee5b5
SSDEEP

24576:6qooun3P+2fjJUH0hwlpQFKAo8dof2o3oyNlkMOma1L:QogPfjJq0kYJ2XNl5OL

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Gorilla Gen2.2.bat
- Size
  
  902KB
- MD5
  
  038246f26192b6809d46ee6ef5d7513f
- SHA1
  
  d24cf7b542dce55f563e6addd677cc17990337fb
- SHA256
  
  b90e93adc5ebfdd19103b5a60a61f20f5a570f8515ef4452e0936ab05a2e6773
- SHA512
  
  5e2fbdc4c0cca49532d1cc03471da5972ee2973aa540859ca19781150d50e3071daf0678b4b4d7841beab2993a27a483c85a50dbc1f4868b613c7d86aeaee5b5
- SSDEEP
  
  24576:6qooun3P+2fjJUH0hwlpQFKAo8dof2o3oyNlkMOma1L:QogPfjJq0kYJ2XNl5OL
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1