b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af | Triage

Submit
Reports

Overview

overview

Static

static

3

b831b03fcb...af.exe

windows7-x64

b831b03fcb...af.exe

windows10-2004-x64

Sharing

General

Target

b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af
Size

465KB
Sample

240920-vt18bsxfpf
MD5

18f89dc05d67aae003c7f8b2b60394d6
SHA1

5844e2aff3d3ad18bef6d132e94298aba2e59dbc
SHA256

b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af
SHA512

e02d3a702acec75118b5244a40b2bf53c5f4be09251251093e75547332e7fa942abaac7b18d427b8decc1c624db34c41dbf07446aedde8ef1fbe0c147a681497
SSDEEP

12288:DCQjgAtAHM+vetZxF5EWry8AJGy0VMgEi:D5ZWs+OZVEWry8AFqEi

Score

10^/10

discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af.exe

Resource

win7-20240903-en

discovery execution

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af.exe

Resource

win10v2004-20240802-en

discovery execution

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://192.168.221.129:44/download/payloadx86_.ps1

Targets

- Target
  
  b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af
- Size
  
  465KB
- MD5
  
  18f89dc05d67aae003c7f8b2b60394d6
- SHA1
  
  5844e2aff3d3ad18bef6d132e94298aba2e59dbc
- SHA256
  
  b831b03fcb06244c79c75a0c73085126b8809e4f72be2c4c658e60cd07b6f3af
- SHA512
  
  e02d3a702acec75118b5244a40b2bf53c5f4be09251251093e75547332e7fa942abaac7b18d427b8decc1c624db34c41dbf07446aedde8ef1fbe0c147a681497
- SSDEEP
  
  12288:DCQjgAtAHM+vetZxF5EWry8AJGy0VMgEi:D5ZWs+OZVEWry8AFqEi
Score

10^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy