9f06a0d8c8aeaf97ddca6e6715fe9412b7d2bc6cc1576994be5df321fea58119 | Triage

Sharing

General

Target

836025193255744191.bat
Size

2KB
Sample

240715-g1fy3ssanl
MD5

2f80d632d3d77741f5bea3cb72f8a1cf
SHA1

86277ad9ceadc9fcc4dd5917ae9d9540f831c727
SHA256

9f06a0d8c8aeaf97ddca6e6715fe9412b7d2bc6cc1576994be5df321fea58119
SHA512

c4890839a504af795f63888ae9833ba7b4f85efba38a87fc5078c85fa30675d1f3c64760eb10db1fd874e568fb4d576b565a0a8e221f0f105793be857d7fe4ba

Score

8^/10

execution

Malware Config

Targets

- Target
  
  836025193255744191.bat
- Size
  
  2KB
- MD5
  
  2f80d632d3d77741f5bea3cb72f8a1cf
- SHA1
  
  86277ad9ceadc9fcc4dd5917ae9d9540f831c727
- SHA256
  
  9f06a0d8c8aeaf97ddca6e6715fe9412b7d2bc6cc1576994be5df321fea58119
- SHA512
  
  c4890839a504af795f63888ae9833ba7b4f85efba38a87fc5078c85fa30675d1f3c64760eb10db1fd874e568fb4d576b565a0a8e221f0f105793be857d7fe4ba
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2