861dce61ef3ff99e0171216006bed5a42a5bb62e69cdb949a6f71b1d3ed50f84 | Triage

Sharing

General

Target

1849625714245234452.bat
Size

14KB
Sample

240719-pe43sazhnl
MD5

9a56cb79de8c0c6c2d53533dcadc412f
SHA1

0f0d86251caef82aaafe43f97515df8ad1e51d8e
SHA256

861dce61ef3ff99e0171216006bed5a42a5bb62e69cdb949a6f71b1d3ed50f84
SHA512

c23f48a8d4a1bf076b3561183dfa1ccf6ad29590bcc26c5035aea76b9e157e06a5c335ca5fbf1625e16ddec050ca4b51d0f10a356eac87450242f73a54a8ef76
SSDEEP

384:/njVjrftmoud5kC1SMR/Z2haNhhPnlM+pTDLtX4:JooudSISMR/Z2harBnrv2

Score

8^/10

execution

Malware Config

Targets

- Target
  
  1849625714245234452.bat
- Size
  
  14KB
- MD5
  
  9a56cb79de8c0c6c2d53533dcadc412f
- SHA1
  
  0f0d86251caef82aaafe43f97515df8ad1e51d8e
- SHA256
  
  861dce61ef3ff99e0171216006bed5a42a5bb62e69cdb949a6f71b1d3ed50f84
- SHA512
  
  c23f48a8d4a1bf076b3561183dfa1ccf6ad29590bcc26c5035aea76b9e157e06a5c335ca5fbf1625e16ddec050ca4b51d0f10a356eac87450242f73a54a8ef76
- SSDEEP
  
  384:/njVjrftmoud5kC1SMR/Z2haNhhPnlM+pTDLtX4:JooudSISMR/Z2harBnrv2
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2