3e27d2aee2a3f3a1f28e27100ed8b966ee82a85ec94d8d715f390d824e20abba | Triage

Sharing

General

Target

bat.bat
Size

5.8MB
Sample

240802-rk8dhascjb
MD5

f3281ed9a501fd2ff062664456bd3016
SHA1

4e41be0fe4bf26907eaa738fffaabf10651c15b5
SHA256

3e27d2aee2a3f3a1f28e27100ed8b966ee82a85ec94d8d715f390d824e20abba
SHA512

cbd41cc54655e2fc7159d4cf50c6b0424b7caf927016735bf1e84b1b69ff58cf12abcee724af99f2c0aba7e176393477c16cf183d99c48163d9b85f8e7aaf1b4
SSDEEP

98304:BAqV8T0g2Vnxg8T2D0aBBbhP9HbTEU28tf:4TNBBbhPdT/f

Score

8^/10

execution

Malware Config

Targets

- Target
  
  bat.bat
- Size
  
  5.8MB
- MD5
  
  f3281ed9a501fd2ff062664456bd3016
- SHA1
  
  4e41be0fe4bf26907eaa738fffaabf10651c15b5
- SHA256
  
  3e27d2aee2a3f3a1f28e27100ed8b966ee82a85ec94d8d715f390d824e20abba
- SHA512
  
  cbd41cc54655e2fc7159d4cf50c6b0424b7caf927016735bf1e84b1b69ff58cf12abcee724af99f2c0aba7e176393477c16cf183d99c48163d9b85f8e7aaf1b4
- SSDEEP
  
  98304:BAqV8T0g2Vnxg8T2D0aBBbhP9HbTEU28tf:4TNBBbhPdT/f
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2