711247fa9191a9a0b42536a2ad3f8a048459eb4ad3b55ac063558a9591d82f19 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c35b66e87532c4159fa9bd982af3a6e9.bin
Size

754B
Sample

240615-c8yfwawhpf
MD5

c3868bc60fd7fe4a697b9b9aa35a2950
SHA1

c294c351f85f00c0bee32342a5e7b5540fffd776
SHA256

711247fa9191a9a0b42536a2ad3f8a048459eb4ad3b55ac063558a9591d82f19
SHA512

5688827323826647e80efce641310f450aa7730adb18e0db37567f9a4b3f40f8f1166a98541afe652ecc89af479a55d7a10887e97f9e9baf2ac4a2aef5ebc2bf

Score

8^/10

execution

Malware Config

Targets

- Target
  
  ac9f41cd1815837f3618f036ceec3e7e6f74cf393ddcd403df8415786908df88.js
- Size
  
  1KB
- MD5
  
  c35b66e87532c4159fa9bd982af3a6e9
- SHA1
  
  6f88218ee8f72fdfba64adf56066c7e5269d40dc
- SHA256
  
  ac9f41cd1815837f3618f036ceec3e7e6f74cf393ddcd403df8415786908df88
- SHA512
  
  89dfdc5c1f8a035d054b4cf2d30cc90751fe09870242472c4a139773fa124bdf14e36f8b554a06cafde2fd38f83888f4de7ee4b4fa6dad9abc9ab94656a74932
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2