5e74f08923fec3a5daf99b9a6c0763b21a98226f90c537235408a4258389ca01 | Triage

Resubmissions

09/09/2024, 19:32

240909-x89t5axhkh 10

09/09/2024, 19:31

240909-x8rzbaxgre 8

Sharing

General

Target

armdot deobfuscator.exe
Size

275KB
Sample

240909-x8rzbaxgre
MD5

2bce10bc9bf1c5e013965c7a60deae05
SHA1

7efa1765b1842f4ce9e746c26c7d8394ad7820ce
SHA256

5e74f08923fec3a5daf99b9a6c0763b21a98226f90c537235408a4258389ca01
SHA512

fbfadeb3f983cc76478864de82952ce34cb7543743a3421151827c5a8226d24ddff2409f71230dfc4bbfad441cea9a148a11a31c16e3890cd5a0797fe4a9e7c0
SSDEEP

6144:IwDHUsnM9rwQCz8vRtKT2OyD0Ek+c9NWtO5MxRxLJcNfZ:IAjMnZtgbyD0wyWtOcJeZ

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  armdot deobfuscator.exe
- Size
  
  275KB
- MD5
  
  2bce10bc9bf1c5e013965c7a60deae05
- SHA1
  
  7efa1765b1842f4ce9e746c26c7d8394ad7820ce
- SHA256
  
  5e74f08923fec3a5daf99b9a6c0763b21a98226f90c537235408a4258389ca01
- SHA512
  
  fbfadeb3f983cc76478864de82952ce34cb7543743a3421151827c5a8226d24ddff2409f71230dfc4bbfad441cea9a148a11a31c16e3890cd5a0797fe4a9e7c0
- SSDEEP
  
  6144:IwDHUsnM9rwQCz8vRtKT2OyD0Ek+c9NWtO5MxRxLJcNfZ:IAjMnZtgbyD0wyWtOcJeZ
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution