0c71dfce4d8138a6bd727ea362e874d60bbfc8172399c3c97823bb6d72a884b5 | Triage

Sharing

General

Target

17843242292216017916.bat
Size

13KB
Sample

240719-2nekpstfkm
MD5

2a824d121e93386d58bbd33196579132
SHA1

76f7b44b962a147d014ce72e31562ba5823446c7
SHA256

0c71dfce4d8138a6bd727ea362e874d60bbfc8172399c3c97823bb6d72a884b5
SHA512

bc4782eb46e0c438127f27023cfb08f9d08ff8c59a8e5fcc20ecef50b26c37fa4fec3ae24fbef3edaca3ae83052b008f0e9e93e94596844217cce2848dcd5972
SSDEEP

384:HvZYxYW3QsuS38IpBOGdb8JohgDuqC8b2hIIIob2hIIITUQaiCMaHHkr:HSxYW3QI7OowOhgDw8IpmBc

Score

8^/10

execution

Malware Config

Targets

- Target
  
  17843242292216017916.bat
- Size
  
  13KB
- MD5
  
  2a824d121e93386d58bbd33196579132
- SHA1
  
  76f7b44b962a147d014ce72e31562ba5823446c7
- SHA256
  
  0c71dfce4d8138a6bd727ea362e874d60bbfc8172399c3c97823bb6d72a884b5
- SHA512
  
  bc4782eb46e0c438127f27023cfb08f9d08ff8c59a8e5fcc20ecef50b26c37fa4fec3ae24fbef3edaca3ae83052b008f0e9e93e94596844217cce2848dcd5972
- SSDEEP
  
  384:HvZYxYW3QsuS38IpBOGdb8JohgDuqC8b2hIIIob2hIIITUQaiCMaHHkr:HSxYW3QI7OowOhgDw8IpmBc
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2