678f18e1f026d03c4e6f5ede091178766adb1aaa3dd8ffa9a8f60af04fac4713 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Z48Y4fAm0DxOb17eCRF4dmrbGqo92P_pqPYK8E_sRxM.bin
Size

12KB
Sample

240528-ybdwvshc9t
MD5

ada24747150059096a01eb647f90c0c1
SHA1

b14553a1f9073bb1b6a482eee268b622c186aa84
SHA256

678f18e1f026d03c4e6f5ede091178766adb1aaa3dd8ffa9a8f60af04fac4713
SHA512

11fc3f3a70402ad47b3dc4174ce04b7e784abbed4bdb13be4d8d73b5ce5a01bc8a02d3ac07f377b4998a888c0bf0b6bfc63c55fc9a95bdbe66308726dcaa2d55
SSDEEP

384:OdrMMwmeaPqtYXvVqpSz+Ihmn4LIwnqKjDWXytnqDUoBSWBxyKGGTjWNOiTl31RK:yNzrPqtYf8pE+S+

Score

10^/10

execution persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://clientidif0ight.worldbinders.com/download-file/Jb14ACQQwSGYXuPx

Targets

- Target
  
  Z48Y4fAm0DxOb17eCRF4dmrbGqo92P_pqPYK8E_sRxM.bin
- Size
  
  12KB
- MD5
  
  ada24747150059096a01eb647f90c0c1
- SHA1
  
  b14553a1f9073bb1b6a482eee268b622c186aa84
- SHA256
  
  678f18e1f026d03c4e6f5ede091178766adb1aaa3dd8ffa9a8f60af04fac4713
- SHA512
  
  11fc3f3a70402ad47b3dc4174ce04b7e784abbed4bdb13be4d8d73b5ce5a01bc8a02d3ac07f377b4998a888c0bf0b6bfc63c55fc9a95bdbe66308726dcaa2d55
- SSDEEP
  
  384:OdrMMwmeaPqtYXvVqpSz+Ihmn4LIwnqKjDWXytnqDUoBSWBxyKGGTjWNOiTl31RK:yNzrPqtYf8pE+S+
Score

10^/10

execution persistence
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

executionpersistence