b6b4baa51c6b458023eb7f29ee5b7c73e05dd58b9e4f6cebe26ad515792262c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08-11539-99290.zip
Size

647B
Sample

240714-vnyv1szbpq
MD5

e321edea7de624fec0b8ecc399b583f2
SHA1

ccd953a3de4a8c186d9b056d5433ecee3f7bffc9
SHA256

b6b4baa51c6b458023eb7f29ee5b7c73e05dd58b9e4f6cebe26ad515792262c0
SHA512

2f6de395befb40a4ba6c59b180a77f047261514bd5167935c58577cdf2a867c496b865efafcd78877ea5846bb50c7bf289450db096da0a92c52f3fa37daa40c8

Score

8^/10

execution

Malware Config

Targets

- Target
  
  1101630210483563.bat
- Size
  
  2KB
- MD5
  
  379539720390f89914d6d2b1287f6dbd
- SHA1
  
  cb1f700d440287d870b8fb35a64d046f27dcc065
- SHA256
  
  47a9e5114576daa883ba65d00af4276df8148ea9e0881ba223b52625d775304a
- SHA512
  
  a8f2d78648535ea946885d29c0aad3606ccaa14efadc215a7f38fed643741f2a30c85a3deeabcd457277e0f60b68553c38c3c756ce576da4b4291157c4979e17
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2