General

  • Target

    f766c5c62456c6d1a5be2e9ac00cae102f958280162ffc96e12002c62d7600a1

  • Size

    46KB

  • Sample

    240629-13mn7axepd

  • MD5

    f56fca5f66cb5d5c32b3541c5d902119

  • SHA1

    aa9f6657c9ee8016fa12ae0ce39e2f6480d28b27

  • SHA256

    f766c5c62456c6d1a5be2e9ac00cae102f958280162ffc96e12002c62d7600a1

  • SHA512

    97660975369285e249e0079c8768caabf69335f60694a67018da0f1915f108b9da37cca0d802244dbf4322fa245cd60bd36138a78171c5d2c9e232c2f2c0c68e

  • SSDEEP

    768:lsmk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJqESeSs+id2LPZhTqjXlAjaK63Rjo:nk3hOdsylKlgxopeiBNhZFGzE+cL2kdJ

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks