d36fb7e1bc3bc3c802595a92efb242f8d50ba295b3f19bbf23bebd1853851027 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

214275457180221399.bat
Size

12KB
Sample

240720-l55kfs1clg
MD5

b868ed125c2e272172de9d3c5b3ed5ec
SHA1

3a15b306ec14a3886246c2a3ce3f6995024d2c6f
SHA256

d36fb7e1bc3bc3c802595a92efb242f8d50ba295b3f19bbf23bebd1853851027
SHA512

f879f73d50baed94e0e85017d8f79837b8afdd91bdf01e157921e38770f6918d5c0159adf393bef59391ecebb7dd54c753a3c82c320372d8a7092f5edc5678dd
SSDEEP

384:DNBoax7hjI1lWnIAIA0CpS51ksRF014h6HzEtDHHJ2h:DjoaxVI1UIAkCp+ZwzW8h

Score

8^/10

execution

Malware Config

Targets

- Target
  
  214275457180221399.bat
- Size
  
  12KB
- MD5
  
  b868ed125c2e272172de9d3c5b3ed5ec
- SHA1
  
  3a15b306ec14a3886246c2a3ce3f6995024d2c6f
- SHA256
  
  d36fb7e1bc3bc3c802595a92efb242f8d50ba295b3f19bbf23bebd1853851027
- SHA512
  
  f879f73d50baed94e0e85017d8f79837b8afdd91bdf01e157921e38770f6918d5c0159adf393bef59391ecebb7dd54c753a3c82c320372d8a7092f5edc5678dd
- SSDEEP
  
  384:DNBoax7hjI1lWnIAIA0CpS51ksRF014h6HzEtDHHJ2h:DjoaxVI1UIAkCp+ZwzW8h
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2