General
Target: assumption.ps1
Size: 481B
Sample: 241115-tr19wa1laq
MD5: 39d8031c5b0a764bdfc3656c9c0a7c6b
SHA1: 26411e1344746285e009a03e80a7d77703bf759d
SHA256: 91b3a553ddf46ca172fba1f935a3b563446342a4bc0eb92e8c4188e1c5e11370
SHA512: b6af63bcfd973d69161854f15b5a958ea72b8ef7d996a9800180a97b66e23928dbb5a7a8f899a0b1f8a5e0de4a84859b9827b6ef90072788357b4361ea862f7c

Static task: static1

Malware Config
Extracted: https://storageinstance.oss-ap-southeast-1.aliyuncs.com/AssumedAlready.zip
Targets
Target: assumption.ps1
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Enumerates processes with tasklist