General

  • Target

    291ad07152cd1145df3f0270d026069537686d2ee9c75434350ba10e4e39b45f

  • Size

    37KB

  • Sample

    240629-11yzfaxdrf

  • MD5

    0d7498f12f2824e5a7be5390c7d8218d

  • SHA1

    1748c4cb8ab7e62dcc95059e972cac9e776bb8b5

  • SHA256

    291ad07152cd1145df3f0270d026069537686d2ee9c75434350ba10e4e39b45f

  • SHA512

    4954e84138f6035d607260f3544b53c7baa056232bc32baf0ec547678f798005718dbdcb5afcaa48b8f79b2b218de21a1f6250f56f76c2873c159916f87bb1f4

  • SSDEEP

    768:mGmk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJr4Jets+mW8+vaUm:Qk3hOdsylKlgxopeiBNhZFGzE+cL2kdY

Malware Config

Targets

    • Target

      291ad07152cd1145df3f0270d026069537686d2ee9c75434350ba10e4e39b45f

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Starts PowerShell.

MITRE ATT&CK Enterprise v15

Tasks