General

  • Target

    951699d4904dd0321aecd243815a7b33dd549bb567f43e67ee00dcbf8281bdaf

  • Size

    3KB

  • Sample

    241113-n4y3ds1kby

  • MD5

    bdf657711d0c0f2df1e5a273bb58f740

  • SHA1

    eba9bdd4590e7f0830057e7d9526d3b5a4755b0f

  • SHA256

    951699d4904dd0321aecd243815a7b33dd549bb567f43e67ee00dcbf8281bdaf

  • SHA512

    6dfd0864967d115a0d89ba7f4d21dd6cb1a0fa2368524d6621be1e38ac1b9aceb2424d77e8ada451de3661904e627c4aeb2f4edceaffbba74c6f57a5db129faf

Score
8/10

Malware Config

Targets

    • Target

      951699d4904dd0321aecd243815a7b33dd549bb567f43e67ee00dcbf8281bdaf

    • Size

      3KB

    • MD5

      bdf657711d0c0f2df1e5a273bb58f740

    • SHA1

      eba9bdd4590e7f0830057e7d9526d3b5a4755b0f

    • SHA256

      951699d4904dd0321aecd243815a7b33dd549bb567f43e67ee00dcbf8281bdaf

    • SHA512

      6dfd0864967d115a0d89ba7f4d21dd6cb1a0fa2368524d6621be1e38ac1b9aceb2424d77e8ada451de3661904e627c4aeb2f4edceaffbba74c6f57a5db129faf

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks