General
-
Target
80149457d49d4b0d60b473fe562fc102b186fe691dda4f8869f640d27ad4033a
-
Size
2KB
-
Sample
241119-xkv13azmdy
-
MD5
0e726ce306e8c5464d6208c4be48c13e
-
SHA1
6731929924e9e74783b2dc69ca325cc2d04733e4
-
SHA256
80149457d49d4b0d60b473fe562fc102b186fe691dda4f8869f640d27ad4033a
-
SHA512
09b5bc7d38ad3b8115cbd49ad114c3e26c5f1fd227bc69c833c01c3ca9e607b8760ddf786c2e52a2f668ea2d5bff8ab820367db43e463dc2936ac484527f53dd
Malware Config
Targets
-
-
Target
80149457d49d4b0d60b473fe562fc102b186fe691dda4f8869f640d27ad4033a
-
Size
2KB
-
MD5
0e726ce306e8c5464d6208c4be48c13e
-
SHA1
6731929924e9e74783b2dc69ca325cc2d04733e4
-
SHA256
80149457d49d4b0d60b473fe562fc102b186fe691dda4f8869f640d27ad4033a
-
SHA512
09b5bc7d38ad3b8115cbd49ad114c3e26c5f1fd227bc69c833c01c3ca9e607b8760ddf786c2e52a2f668ea2d5bff8ab820367db43e463dc2936ac484527f53dd
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-