4691845f25473d94d0e137858595e2cee30899f5dd65921f6c8a52c153573106 | Triage

Sharing

General

Target

4691845f25473d94d0e137858595e2cee30899f5dd65921f6c8a52c153573106
Size

187KB
Sample

240711-azw6ca1gje
MD5

f6a73b07b9e558cdfdfe1982f88e91f4
SHA1

9a8b3d830a772e33efd76d1d85678413d61ef247
SHA256

4691845f25473d94d0e137858595e2cee30899f5dd65921f6c8a52c153573106
SHA512

9daa66fe2bb325c5a1ebf63351abe9d8c8dcabc503463f4097d57029ccdb34a35445b7c2e99e0680da63793dc9466bac4137a06e9f3e0983e70f4d7131d8d172
SSDEEP

3072:xvZcXZZD6xiRDmLwinH9gP7Yru7JAjLV0PRwCYxi1RTPWGj8Sg5y0l:nQZDKi4kinHKjYrGAKVktl

Score

8^/10

execution

Malware Config

Targets

- Target
  
  4691845f25473d94d0e137858595e2cee30899f5dd65921f6c8a52c153573106
- Size
  
  187KB
- MD5
  
  f6a73b07b9e558cdfdfe1982f88e91f4
- SHA1
  
  9a8b3d830a772e33efd76d1d85678413d61ef247
- SHA256
  
  4691845f25473d94d0e137858595e2cee30899f5dd65921f6c8a52c153573106
- SHA512
  
  9daa66fe2bb325c5a1ebf63351abe9d8c8dcabc503463f4097d57029ccdb34a35445b7c2e99e0680da63793dc9466bac4137a06e9f3e0983e70f4d7131d8d172
- SSDEEP
  
  3072:xvZcXZZD6xiRDmLwinH9gP7Yru7JAjLV0PRwCYxi1RTPWGj8Sg5y0l:nQZDKi4kinHKjYrGAKVktl
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2