cf0646244c6f759d1f6c69e14f2fc0bab8f1e6fe99fde863b6edfc5bfda44777 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12439171432166231939.bat
Size

2KB
Sample

240713-q4w9xatbjj
MD5

b731b375fbc90398d7920262c60f40bd
SHA1

ee1d1ee5d13439a51df74e7dbc291c4f146a76f3
SHA256

cf0646244c6f759d1f6c69e14f2fc0bab8f1e6fe99fde863b6edfc5bfda44777
SHA512

ac8d68fe1d1745a6380f25051b9f6077c0c8370292a75c09d89b1ad923e1ce122b98f774a54cb4570a44b55c359bef0ca22ed61c424f74a33d955ad5e02ec3ec

Score

8^/10

execution

Malware Config

Targets

- Target
  
  12439171432166231939.bat
- Size
  
  2KB
- MD5
  
  b731b375fbc90398d7920262c60f40bd
- SHA1
  
  ee1d1ee5d13439a51df74e7dbc291c4f146a76f3
- SHA256
  
  cf0646244c6f759d1f6c69e14f2fc0bab8f1e6fe99fde863b6edfc5bfda44777
- SHA512
  
  ac8d68fe1d1745a6380f25051b9f6077c0c8370292a75c09d89b1ad923e1ce122b98f774a54cb4570a44b55c359bef0ca22ed61c424f74a33d955ad5e02ec3ec
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2