669c3caf7c5ca7c020002fdaa36418938f18ef80184bc717bc86736871564ae5 | Triage

Sharing

General

Target

eb0a3a1f843c7897776dab5da1eaeab2f0622d2bf35f97eb6cc75efcd142da57.zip
Size

1KB
Sample

240720-cgkqpsvena
MD5

7365818e040d6c2717ebc80cf57f2c3b
SHA1

342c6e11e507473716bc52d4aa4c7bee1481400d
SHA256

669c3caf7c5ca7c020002fdaa36418938f18ef80184bc717bc86736871564ae5
SHA512

fd1bfaf819755d2a3bcf5c4d8491e73794c28564a57208ec434068562e8fd08bfd25b3c77000c14bbad2423a608636f7fc9e2dbfb1a5018d36ed50d5dc359573

Score

8^/10

execution

Malware Config

Targets

- Target
  
  eb0a3a1f843c7897776dab5da1eaeab2f0622d2bf35f97eb6cc75efcd142da57.bat
- Size
  
  2KB
- MD5
  
  6c441ea7d00ab6ebfe9c4230740efdbe
- SHA1
  
  1110410c81796ab9ee8d549e0691360b56429c84
- SHA256
  
  eb0a3a1f843c7897776dab5da1eaeab2f0622d2bf35f97eb6cc75efcd142da57
- SHA512
  
  57ba65e7b16d70ac1ba8284e33747adac0de3ac871a6f4357eacc52091836759e51943f423a841dd0b2535fe0162eaa726d550afb28eb78b80f4cdbe98467f17
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2