General

  • Target

    8c64bf50cb8e72573410f5f1de98f09c2b5c68259b1d5f011767ab14deb12a65

  • Size

    2KB

  • Sample

    241113-ppnhsascqj

  • MD5

    3f5407d2284df359905f02e787aa01c8

  • SHA1

    48f1857a214b207ed3209e02c99d07a35526e901

  • SHA256

    8c64bf50cb8e72573410f5f1de98f09c2b5c68259b1d5f011767ab14deb12a65

  • SHA512

    e9d1603ab6f8464668aa06852287f988d9c6dae618eaaa1db335ae93411156f0b20798af648cad2e8c89b1f3d69d0f42a31d8fee690e262a00fb22af444cd658

Score
8/10

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
