adf936aa94c4c8367257ec152acc58820a7768e3367c1acec9a403536d90b5fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15e851a4cb9c2270b109a2a346b9ce9a8c15104825b211a4194b3113c60f8ba3.zip
Size

1KB
Sample

240805-jh1lwatgmb
MD5

74105d76c861f5b12ea8ff9671578c94
SHA1

3fa0c946350ddfba00140fe33cafac465c8de3c8
SHA256

adf936aa94c4c8367257ec152acc58820a7768e3367c1acec9a403536d90b5fe
SHA512

60ba0a727ca6408bbb3bf1ecfe31305afaab83dac7a45afc116a4b375786fb8310e646e8eb38eb8e29df6d36b74e0ebfb7bd77aef2318c4feb4d9c5792eb9c63

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.requimacofradian.site/dfjbhskdbfvsdsfgsh/bzdjgbsdzjkngdsnhgtuonidsgtsgb/neio.exe

Targets

- Target
  
  15e851a4cb9c2270b109a2a346b9ce9a8c15104825b211a4194b3113c60f8ba3.lnk
- Size
  
  2KB
- MD5
  
  1d5c4d5d15b7556fe88893a7352efbf8
- SHA1
  
  124b6911e134fc0ef7d75293bf7736941a5b26e9
- SHA256
  
  15e851a4cb9c2270b109a2a346b9ce9a8c15104825b211a4194b3113c60f8ba3
- SHA512
  
  f678b94722a6d1b6ca4c84c6ea4ea9f116fb56d79000d646f6d1f044cd40069738809babc18972c637d4c457ba82aa1e207cebee756a05cc030e30a8b7b9b244
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2