General

  • Target

    013708ddc8582173245bbda168f07ff1fe827889a0cb70f0238f4e07c21b4e24

  • Size

    2KB

  • Sample

    241113-nz9y4a1jdv

  • MD5

    06a5723be5a243717408b7ea1aa723cb

  • SHA1

    292c09e04d112f8ed9a0331c4957ef5e65f04706

  • SHA256

    013708ddc8582173245bbda168f07ff1fe827889a0cb70f0238f4e07c21b4e24

  • SHA512

    e432ecda4dff3708ba7a8122f23876b929ec9dc069ad47976c9620f3553fe4b24f5671c19ae3690d8fcfede10f7b78f35ebb549c5e4a675b985c21d4842aa099

Score
8/10

Malware Config

Targets

    • Target

      013708ddc8582173245bbda168f07ff1fe827889a0cb70f0238f4e07c21b4e24

    • Size

      2KB

    • MD5

      06a5723be5a243717408b7ea1aa723cb

    • SHA1

      292c09e04d112f8ed9a0331c4957ef5e65f04706

    • SHA256

      013708ddc8582173245bbda168f07ff1fe827889a0cb70f0238f4e07c21b4e24

    • SHA512

      e432ecda4dff3708ba7a8122f23876b929ec9dc069ad47976c9620f3553fe4b24f5671c19ae3690d8fcfede10f7b78f35ebb549c5e4a675b985c21d4842aa099

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks