General

  • Target

    7fd320db2dc752d3b21342811f6e2cd1379229c5538663b662db14dad0d939a7

  • Size

    46KB

  • Sample

    240629-12stta1djk

  • MD5

    a90ccaafa555671a79d50fd435c0633e

  • SHA1

    f38c51651e8a522b40fe7ebd1bf7a17e752cf71e

  • SHA256

    7fd320db2dc752d3b21342811f6e2cd1379229c5538663b662db14dad0d939a7

  • SHA512

    377258ef3d7f72eb217e0b49556dee9590537c52fffee69f155bb10c301cfdb8e58392ea89536f27a9c4f4faa052a5b2a9dfc1652c92e223297274a467218f22

  • SSDEEP

    768:SWmk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJVsrs+ik1ZwqwgjaK60Rjq:Ok3hOdsylKlgxopeiBNhZFGzE+cL2kdm

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
