13b9a918832001cbff2eb85b63924c25d8f4edf3d22e15a46f7efe52c96db2a9 | Triage

Sharing

General

Target

240631439621623086.bat
Size

2KB
Sample

240714-r18dfaxand
MD5

e8a0d76c535e80d80e55cb18bc6cfa51
SHA1

dc13de3c8d63f2b1be060be4efe581906d7d4a40
SHA256

13b9a918832001cbff2eb85b63924c25d8f4edf3d22e15a46f7efe52c96db2a9
SHA512

a3ed3722e3d242fa9b32815c5b92c175b4fd5628926715f6350df4c51f9c89c73258775604d9cf431bc570d28e87db97b3ce74b619b3a6ca2d46e5324d1f0306

Score

8^/10

execution

Malware Config

Targets

- Target
  
  240631439621623086.bat
- Size
  
  2KB
- MD5
  
  e8a0d76c535e80d80e55cb18bc6cfa51
- SHA1
  
  dc13de3c8d63f2b1be060be4efe581906d7d4a40
- SHA256
  
  13b9a918832001cbff2eb85b63924c25d8f4edf3d22e15a46f7efe52c96db2a9
- SHA512
  
  a3ed3722e3d242fa9b32815c5b92c175b4fd5628926715f6350df4c51f9c89c73258775604d9cf431bc570d28e87db97b3ce74b619b3a6ca2d46e5324d1f0306
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2