04363d3c6d6f3badf15f8e99d3739612a7eec439cdcb4457150bbb330a829e7a | Triage

Sharing

General

Target

ciuNW
Size

59KB
Sample

241031-t9qabs1hpn
MD5

a43e44e9f6ad3bca330e780537a592a5
SHA1

0e684129f92c43e33ab258dda8da023bbb9054a1
SHA256

04363d3c6d6f3badf15f8e99d3739612a7eec439cdcb4457150bbb330a829e7a
SHA512

4351645acf933428fbfe7c96d74f1c2c642c632e9b1cecee88151fcb416e89015cc7b4e399bbfc9cdcb0f0b4ba0fb1b7330e72d866c6b17049f973650037cbbc
SSDEEP

1536:IHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+lFq4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhxdd5p6:IHXp+q62Nhxdd5pdqFv1HXp+q62Nhxds

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  ciuNW
- Size
  
  59KB
- MD5
  
  a43e44e9f6ad3bca330e780537a592a5
- SHA1
  
  0e684129f92c43e33ab258dda8da023bbb9054a1
- SHA256
  
  04363d3c6d6f3badf15f8e99d3739612a7eec439cdcb4457150bbb330a829e7a
- SHA512
  
  4351645acf933428fbfe7c96d74f1c2c642c632e9b1cecee88151fcb416e89015cc7b4e399bbfc9cdcb0f0b4ba0fb1b7330e72d866c6b17049f973650037cbbc
- SSDEEP
  
  1536:IHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+lFq4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhxdd5p6:IHXp+q62Nhxdd5pdqFv1HXp+q62Nhxds
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1