87e2b97a05efeef1d4ecf64c0941b0c904971f903bffade8ecca315bd3af1fe5 | Triage

Sharing

General

Target

87e2b97a05efeef1d4ecf64c0941b0c904971f903bffade8ecca315bd3af1fe5.lnk
Size

33KB
Sample

240904-ttwr6stcll
MD5

4988a24cf769f89125297dea94dfce14
SHA1

c798be9bf7c850d5debdaba3827d6379f52d0d18
SHA256

87e2b97a05efeef1d4ecf64c0941b0c904971f903bffade8ecca315bd3af1fe5
SHA512

72c055648ed597d260b7ce2879707c3282693d4810d3270054a3aef70b9ad63cfd6db7cf1629dc845b79bf25b0461d650b971fe999f4765c30e39b1291778fac
SSDEEP

768:HMM1EPEetnkiY7c29nz+HrVepbdlPq83TrHRmogEP19w:11MEKvY7PnzMag8XxUEP1q

Score

8^/10

execution

Malware Config

Targets

- Target
  
  87e2b97a05efeef1d4ecf64c0941b0c904971f903bffade8ecca315bd3af1fe5.lnk
- Size
  
  33KB
- MD5
  
  4988a24cf769f89125297dea94dfce14
- SHA1
  
  c798be9bf7c850d5debdaba3827d6379f52d0d18
- SHA256
  
  87e2b97a05efeef1d4ecf64c0941b0c904971f903bffade8ecca315bd3af1fe5
- SHA512
  
  72c055648ed597d260b7ce2879707c3282693d4810d3270054a3aef70b9ad63cfd6db7cf1629dc845b79bf25b0461d650b971fe999f4765c30e39b1291778fac
- SSDEEP
  
  768:HMM1EPEetnkiY7c29nz+HrVepbdlPq83TrHRmogEP19w:11MEKvY7PnzMag8XxUEP1q
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2