General

  • Target

    assumption.ps1

  • Size

    481B

  • Sample

    241115-tr19wa1laq

  • MD5

    39d8031c5b0a764bdfc3656c9c0a7c6b

  • SHA1

    26411e1344746285e009a03e80a7d77703bf759d

  • SHA256

    91b3a553ddf46ca172fba1f935a3b563446342a4bc0eb92e8c4188e1c5e11370

  • SHA512

    b6af63bcfd973d69161854f15b5a958ea72b8ef7d996a9800180a97b66e23928dbb5a7a8f899a0b1f8a5e0de4a84859b9827b6ef90072788357b4361ea862f7c

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://storageinstance.oss-ap-southeast-1.aliyuncs.com/AssumedAlready.zip

Targets

    • Target

      assumption.ps1

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist
