dcc3574ccccae25ee8c2b6940853fd92cac81435a02f3524fb2b697af3c6165f | Triage

Sharing

General

Target

05112024_0053_30102024_Documents.zip
Size

448KB
Sample

241105-a8xhgazqav
MD5

20c1a7d6b430f0374a3e9919a2da4748
SHA1

4634320d5d679d00b27055660a6ca568ab3dd158
SHA256

dcc3574ccccae25ee8c2b6940853fd92cac81435a02f3524fb2b697af3c6165f
SHA512

35551bb8af4dba6f8a069bbf9a9e312be8505684536c3f31831921231b5efb0471e8b2f0fb7de16e5b20643ac27df187a28983631de61a9261da58141483fd68
SSDEEP

12288:Qv1jTUavoo67L9FADkX18TvxCcogCYIjh85tA:QVgagGQ6JT+tji5G

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  Documents.js
- Size
  
  400.0MB
- MD5
  
  647813cf3cca40181f8330cec1ee80df
- SHA1
  
  ca602c6199ffe426328e277a05dc849a574be41b
- SHA256
  
  1f75d59616e804ffbe35de4e67a33db2c58c55da59d4302f818a53f4d6d1b9c9
- SHA512
  
  acf4bb9d182f41185a86c36c630d273716041f974c6cf5c36dae4ebfe434369220474f38c483cdfbac6f8171980931f976330ee8d9be7d76c2976f5b45becbc8
- SSDEEP
  
  3072:kE2dapfO3R9u2rWy5ei4uzUuHUdTxcE2dapfO3R9u2rWy5e:kE5pkbuK8ErkcE5pkbuK8
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2