General

  • Target

    592bf2e126a4aca8203014440f37126ed9d30cb4f9da553b8c4d52200e8cccee

  • Size

    2KB

  • Sample

    241117-j6bmnavhlg

  • MD5

    948a966ceaebf1a6fd0a8033f496cd78

  • SHA1

    aad1d037ad59ac4aa51f6b31245bbacfb7ddcada

  • SHA256

    592bf2e126a4aca8203014440f37126ed9d30cb4f9da553b8c4d52200e8cccee

  • SHA512

    6c5f83bc08a3f7164ce6e2e558a14c7d4ac1f4b1f0640ad45b2476f4d7532286240aee0e3276fe6e60779c0d25732ca6f63df6d2dd893e8a6046af0643933053

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks