fc21b27e3f1cf0405d857a4f2a5026efd7eb9e7ee759cb5a79b7eadef3afa66d | Triage

Sharing

General

Target

Rechnung-RG156741.zip
Size

1KB
Sample

240719-hab3wazgjh
MD5

a5b8fd26d78a3150ec41bc40cc94bff5
SHA1

e1d806489bac7cdf6d9ae10c9ff5e8329acd9cf3
SHA256

fc21b27e3f1cf0405d857a4f2a5026efd7eb9e7ee759cb5a79b7eadef3afa66d
SHA512

1426c01090c1e7de444162bb32f2c2858b4f77c83aad8589a2b2a0bf33ec803fc533ad2b401daebf0d04330428b405972d03e2d13d118972d4371aff08307434

Score

8^/10

execution

Malware Config

Targets

- Target
  
  321765356086647.bat
- Size
  
  3KB
- MD5
  
  00e8f911da6647defb3d971de3bd2ce8
- SHA1
  
  7a4b4543eac57c3cd01606964ffb83152206a266
- SHA256
  
  85b254adbdad5f84515c6ab1ff7519de305c08f06f9dca419af7c88c6bbb496e
- SHA512
  
  9e1b471b385834fd1b3d3489942c007a7781e4a822353f28f74a72cedad74aba0101935dc1480b53b14b92ce2042121e1ff1d404ffdb8ebe49ecfb03deac0a93
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2