General

  • Target

    ec755bc2301aba4a23897daa25df58010d8cc1d69dc8690a993d3fe1cd1f9b54

  • Size

    2KB

  • Sample

    241113-1713dazhqe

  • MD5

    caff6860afd631d38513e233e4c71de1

  • SHA1

    dbda77b782a2589f09033dbe90407443a8e263fb

  • SHA256

    ec755bc2301aba4a23897daa25df58010d8cc1d69dc8690a993d3fe1cd1f9b54

  • SHA512

    1fbbbdfde454923fbaed1d7935d734cea13f8a8dc8a11d5dda946af2bb922260f18c2a2a0433eff5094069ff7d0c9adc0169eac4d2fc16c95be00a378a4a2e8c

Score
8/10

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
