General

  • Target

    5d3142a2c1ac81def8da58af680908086afec4369eb4b9a16fc8ace184700826

  • Size

    2KB

  • Sample

    241113-jp8k3axkcs

  • MD5

    2947a03a7bb06bbd6d780b21c29332ee

  • SHA1

    08ee6bd2b01cab6eba4f0853d6061295cdefc727

  • SHA256

    5d3142a2c1ac81def8da58af680908086afec4369eb4b9a16fc8ace184700826

  • SHA512

    4937957f51e6932d831ddc366f6b2f72ef9256304324b7c88ac53e1e117cfea62b5c82bd2033b2b7bcdcaa7d06b611896439586a7120632a680e0557a75d8943

Score
8/10

Targets

    • Target

      5d3142a2c1ac81def8da58af680908086afec4369eb4b9a16fc8ace184700826

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
