Extracted

Extracted

• • Target

    08b85c072d8fba2adda8956c1ee3e086370efd8465700fee83aea4aedb4fdc0b

  • Size

    3KB

  • MD5

    58657e9d42041b92fc229395bec9129f

  • SHA1

    6dfd0ba65d061b6cd7b8e1126553a09c85f58878

  • SHA256

    08b85c072d8fba2adda8956c1ee3e086370efd8465700fee83aea4aedb4fdc0b

  • SHA512

    b7d527a70826e5e8813812936ad70b0bab005ee8d793ff3e940cae5aac0b78e21a5d9e9d24f9a3a885b1438d576e72de5838c404f60c5306a501249a03acc2f8

  Score

  10^/10

  execution

  • Blocklisted process makes network request

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2