General

  • Target

    7bb80f407eb314c7a818e22ae1134881414e506ddcaed91b4973b2bbeb400c0d

  • Size

    2KB

  • Sample

    241117-hgykfstepc

  • MD5

    e4650487cda91cd206522a32c5426f2a

  • SHA1

    8feeb42f063fb67fbecc2e90c2d3fadbe7c523dd

  • SHA256

    7bb80f407eb314c7a818e22ae1134881414e506ddcaed91b4973b2bbeb400c0d

  • SHA512

    957f709cd1333e1e4faae6448de55a8743a62c7ce65d71fe5bbaa3d631cf6803f81f26b759f2cf2baef1ff46cf58bd54fa50be1e0f851bc3d86fb5fe56bec191

Malware Config

Targets

    • Target

      7bb80f407eb314c7a818e22ae1134881414e506ddcaed91b4973b2bbeb400c0d

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to proceed based on the victim's configured location.

    • Command and Scripting Interpreter: PowerShell

      Uses powershell.exe to run commands.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
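
The four signatures above are the kind of thing an endpoint telemetry pipeline can reproduce outside the sandbox. The following is an added example, not code from this report or from the sandbox that generated it: a small detection pass over JSON-formatted Sysmon (IDs 1, 3, 23/26) and Windows Security (4663 registry object access) events that emits the same four signature names per process. The event lines are constructed, the blocklist of processes that should not make network requests is an assumption (the report does not say which list the sandbox used), and the registry paths treated as "location settings" are the usual locale/GeoID locations, since the report does not name the exact value the sample read. Note that 4663 only fires for keys carrying a SACL, so the registry rule needs that audit policy in place.

```python
import json
import ntpath
from collections import defaultdict

# Assumption: a typical blocklist of binaries that should not open network
# connections themselves; the report does not name the sandbox's own list.
BLOCKLISTED_NET_PROCESSES = {
    "powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "regsvr32.exe", "rundll32.exe", "certutil.exe",
}

# Assumption: registry paths where Windows keeps the configured country/locale
# (HKCU ...\International\Geo\Nation, sCountry, LocaleName; HKLM ...\Nls\Language).
GEO_REGISTRY_MARKERS = (
    "\\control panel\\international",
    "\\nls\\language",
)

# Script/dropper extensions whose deletion by the running payload is treated
# as indicator removal (ATT&CK T1070.004).
SCRIPT_EXTS = (".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta")

# Constructed events: four from one powershell.exe (PID 4120) plus one benign
# browser connection that must not be flagged. Field names follow Sysmon's
# schema; the 4663 record uses ProcessName/ObjectName as Windows Security does.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -ep bypass -f C:\\Users\\Public\\a.ps1", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 4663, "ProcessId": 4120, "ProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ObjectName": "\\REGISTRY\\USER\\S-1-5-21-1-2-3-1001\\Control Panel\\International\\Geo\\Nation", "AccessMask": "0x1"}
{"EventID": 3, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"EventID": 23, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\Users\\Public\\a.ps1"}
{"EventID": 3, "ProcessId": 880, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 443}
"""


def parse_events(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def process_name(ev):
    """Lower-cased basename of the acting process (Sysmon: Image, 4663: ProcessName)."""
    return ntpath.basename(ev.get("Image") or ev.get("ProcessName") or "").lower()


def detect(events):
    """Return {pid: sorted signature names} for every process that trips a rule."""
    hits = defaultdict(set)
    for ev in events:
        pid, name, eid = ev.get("ProcessId"), process_name(ev), ev.get("EventID")
        if eid == 1 and name == "powershell.exe":
            # T1059.001: a PowerShell host was started.
            hits[pid].add("Command and Scripting Interpreter: PowerShell")
        elif eid == 3 and name in BLOCKLISTED_NET_PROCESSES:
            # Outbound connection from a binary on the blocklist.
            hits[pid].add("Blocklisted process makes network request")
        elif eid == 4663:
            # T1614: read access to the locale/GeoID keys (needs a SACL on the key).
            obj = ev.get("ObjectName", "").lower()
            if any(marker in obj for marker in GEO_REGISTRY_MARKERS):
                hits[pid].add("Checks computer location settings")
        elif eid in (23, 26):
            # T1070.004: the payload removed a script or dropper file.
            target = ev.get("TargetFilename", "").lower()
            if target.endswith(SCRIPT_EXTS):
                hits[pid].add("Indicator Removal: File Deletion")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


if __name__ == "__main__":
    for pid, sigs in detect(parse_events(SAMPLE_EVENTS)).items():
        print(pid, sigs)
```

Run as-is it reports PID 4120 with all four signatures and says nothing about the Firefox connection. The rules are deliberately per-process rather than per-event so that the geofence read, the network request and the self-deletion all land on the same PowerShell instance, which is the correlation the report's "Targets" block is expressing.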

MITRE ATT&CK Enterprise v15

Tasks