81a6b554d6ec557f4fc51e144655e03df9303424c9a0c19c0567b5974b7f5adf | Triage

Sharing

General

Target

81a6b554d6ec557f4fc51e144655e03df9303424c9a0c19c0567b5974b7f5adf
Size

2KB
Sample

241119-wj9x6ayhle
MD5

5d4fce0c3008b1e2605cfb20abab03b6
SHA1

f565d7bc92f1a1ae54ac5be17fbc67874af04c45
SHA256

81a6b554d6ec557f4fc51e144655e03df9303424c9a0c19c0567b5974b7f5adf
SHA512

abd0975f11a69330b8a41c78e826b3891040824bcfd6a09f50f0ead5181d15b874063842fcb407330f5c902322027614e4b849231aa9ec049e7480f643b68fd1

Score

8^/10

defense_evasion execution

Malware Config

Targets

- Target
  
  81a6b554d6ec557f4fc51e144655e03df9303424c9a0c19c0567b5974b7f5adf
- Size
  
  2KB
- MD5
  
  5d4fce0c3008b1e2605cfb20abab03b6
- SHA1
  
  f565d7bc92f1a1ae54ac5be17fbc67874af04c45
- SHA256
  
  81a6b554d6ec557f4fc51e144655e03df9303424c9a0c19c0567b5974b7f5adf
- SHA512
  
  abd0975f11a69330b8a41c78e826b3891040824bcfd6a09f50f0ead5181d15b874063842fcb407330f5c902322027614e4b849231aa9ec049e7480f643b68fd1
Score

8^/10

defense_evasion execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionexecution

behavioral2

defense_evasionexecution