05b0eea186c9e55291eb4e8b2814ee388d0d611de6ad85b52472c7166a8eb2bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Vertragsrechnung 568356.zip
Size

656B
Sample

240715-hptw8stdkp
MD5

c2100f3ab66f7aa4ba89153d2a7b66f4
SHA1

ed1d2424b26b7cc044e2d9a0af61b6d2181b3172
SHA256

05b0eea186c9e55291eb4e8b2814ee388d0d611de6ad85b52472c7166a8eb2bd
SHA512

33648966a08d4c9fdfed2d62e0f0ca6390cdb0bfecd3538897fb85cf20f7b3e60ea469623da91c83ee80c10044b07056d0d8c7fe72523848b729bd395559f4b2

Score

8^/10

execution

Malware Config

Targets

- Target
  
  1300123242451027586.bat
- Size
  
  2KB
- MD5
  
  95a8718870a9a0b4d4e1416dc2a5e7e9
- SHA1
  
  d9e05b12036456e5a27589ad60f46a8a8a9465aa
- SHA256
  
  5350a99bbe1180e6d55f1e940c1397ce9727bf40681431db6d81f534acd6f307
- SHA512
  
  6dbcd7fbbf43fa9928c78ea9c805a3b45536fa8c32b04b9126fec0893f420c66b835463bf26991b921a1cb54b493a26fcc6d7c95194bce24ab42155ce9935af8
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2