General

  • Target: file01.ps1
  • Size: 350B
  • Sample: 240809-zjvd9aybmm
  • MD5: 87c38dbe027bf817cdd4d164709f17f4
  • SHA1: 92d099cf04ecfa87dd4f87e7bc145fc751bfd818
  • SHA256: 6d0afcf0e9c77bb643a63c643387a10ff4a9a1cfd77e42b508fbab8e3746ff5e
  • SHA512: 607aba153b38bc98a4c11c2ac74cf83f98193ba2df551c897703320a2d36fe59ccf8b9d28edba8dbbae9f9d5c4b8fd3e52ff0d2888dcbaf2f3029b4d3d5b8dc6

Malware Config

Targets

    • Target: file01.ps1


    • Possible privilege escalation attempt
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Modifies file permissions
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks