General

  • Target

    ff8094076899cc4f60ddd2653dc6291fc3d36db453f9e7276e31253acbd225e6

  • Size

    2KB

  • Sample

    241115-s5xceawhld

  • MD5

    fe6ff0567b2b5ad90be7f59631b5affc

  • SHA1

    5444af92c4b573e18d17df89c4cacb60aa8a4069

  • SHA256

    ff8094076899cc4f60ddd2653dc6291fc3d36db453f9e7276e31253acbd225e6

  • SHA512

    4b8bcb3433a6d3d14d55d9dd167e13789ab2029ee1c69df76d1a99b56cc5c7bb2ad89776958f09363d2924d3fc9e64fc5ef2e112975aeaae6acde2738d748ebf

Score
8/10

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
