General

  • Target

    e92b0b1de4d599033fe6bb687122f5a90e50add363dcac6ebf84491e4dabdfdd

  • Size

    37KB

  • Sample

    240629-14gjkaxera

  • MD5

    fd2cceefc05b49e82bfc75215ffaf21d

  • SHA1

    3570016f813ff125b5feb7450976bd1aae1a2342

  • SHA256

    e92b0b1de4d599033fe6bb687122f5a90e50add363dcac6ebf84491e4dabdfdd

  • SHA512

    5e36af791cbde8e2fef5812043831a322ecc18b1386376b88674e00319ea2bf55f41bd176c44f3a71155b5011c7323675bcf207780fd658d596f19f26e282ec5

  • SSDEEP

    768:uGmk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJr4Jets+mW8+vaUm:Ik3hOdsylKlgxopeiBNhZFGzE+cL2kdY

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Starts PowerShell.
