6164339f19c91a845c1f28b1ea0f2d4c30734be55c98ea372da7e7c8f59abb33 | Triage

Sharing

General

Target

16102024_0730_DHLShippingDocumentsOCT16.bat.zip
Size

531B
Sample

241016-jbyhyazajf
MD5

a7d665123369b1a30ae3ab3c9092209c
SHA1

2e54e600064f18160bbff01c933a7c0b7837d946
SHA256

6164339f19c91a845c1f28b1ea0f2d4c30734be55c98ea372da7e7c8f59abb33
SHA512

2974cc7ad964bc4cb62b639570552d15fe46509fdf8ff1539fa5641066e45ad617d8b45db61ec0998f4906218e82353a1f56e8189b85c98b6c08676a1fac6e21

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://gurunathanaquaproducts.com/img/calculate.vbs

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Targets

- Target
  
  DHLShippingDocumentsOCT16.bat
- Size
  
  548B
- MD5
  
  82c15b923af76b0948e0d4ee2bf55643
- SHA1
  
  f63f70dcd60bc1caa7dea2b578c8327875a96339
- SHA256
  
  7feda153ba607929a53c9daafe358f99079fef0d4c88197a8a7a31239535a208
- SHA512
  
  3e1319fc98bb737cccfc1b26cb77b015f1b75b8622f03cdbcfba7629506b3770a335bec82f1844719d23b228464621f09619282a2e2f8cde181208c348578a6d
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution