722c42c544ec40709b016906077aa4ee555c414a998e3986d9b44e4cfb28b4c2 | Triage

Sharing

General

Target

s.bat
Size

864KB
Sample

240515-2txngage64
MD5

42c72c26bb7fc92064808e8edb9efdbc
SHA1

8b9cb6f781b99cc723aa2a0d9bcffecd73a5490a
SHA256

722c42c544ec40709b016906077aa4ee555c414a998e3986d9b44e4cfb28b4c2
SHA512

7ac1c09e3242eb3d43d9a1c86e1abd5c1cdc75b5a32881a7287defb0407010533c891eaa0b0d12a496d885ebfc3bc41b57934dfe55a979f0a08a2745d61c167e
SSDEEP

24576:ifUMJg2oIqiT97xw/+JOg0MJcz/aaCbZr:SU/s1T9N0/aawr

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  s.bat
- Size
  
  864KB
- MD5
  
  42c72c26bb7fc92064808e8edb9efdbc
- SHA1
  
  8b9cb6f781b99cc723aa2a0d9bcffecd73a5490a
- SHA256
  
  722c42c544ec40709b016906077aa4ee555c414a998e3986d9b44e4cfb28b4c2
- SHA512
  
  7ac1c09e3242eb3d43d9a1c86e1abd5c1cdc75b5a32881a7287defb0407010533c891eaa0b0d12a496d885ebfc3bc41b57934dfe55a979f0a08a2745d61c167e
- SSDEEP
  
  24576:ifUMJg2oIqiT97xw/+JOg0MJcz/aaCbZr:SU/s1T9N0/aawr
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpersistence