General

  • Target

    bcbd993d51e0809af0b4743a093f61b852c8b8824cb5a8af45b08fac300cf267

  • Size

    2KB

  • Sample

    241115-szl99azpeq

  • MD5

    046bf54e19820d7a2f666b229d2a938c

  • SHA1

    9a399cfa3a76c9cb6f25c8c5db343e7e44ed5853

  • SHA256

    bcbd993d51e0809af0b4743a093f61b852c8b8824cb5a8af45b08fac300cf267

  • SHA512

    3dbd657b567d0ec5e41a74a2785a8327ccce5678b1fa748636f04e75351e124988c125bac1d16f56c7a02cc542462a329b9c12bda0ed0de32167fab6862e529e

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks