79b3929c39c12f6ffc55c5423e22185da7016cffdb4b53dd94fcd9caa00f0fd4 | Triage

Sharing

General

Target

79b3929c39c12f6ffc55c5423e22185da7016cffdb4b53dd94fcd9caa00f0fd4
Size

2KB
Sample

241120-c8k6jsyejg
MD5

e3d071f439e540c370a1251cb1286fac
SHA1

6a511348a2c3c806c76992b686c41c4448b63cdf
SHA256

79b3929c39c12f6ffc55c5423e22185da7016cffdb4b53dd94fcd9caa00f0fd4
SHA512

7e5ad3acd450a5252e99689cdc611d250b31244149b96b3bc02f5636f4b1fc0c03b5b21082930f42101b7d18a6e28cf459e93610a7fabdf4ee0dde63a6375e6a

Score

8^/10

execution

Malware Config

Targets

- Target
  
  79b3929c39c12f6ffc55c5423e22185da7016cffdb4b53dd94fcd9caa00f0fd4
- Size
  
  2KB
- MD5
  
  e3d071f439e540c370a1251cb1286fac
- SHA1
  
  6a511348a2c3c806c76992b686c41c4448b63cdf
- SHA256
  
  79b3929c39c12f6ffc55c5423e22185da7016cffdb4b53dd94fcd9caa00f0fd4
- SHA512
  
  7e5ad3acd450a5252e99689cdc611d250b31244149b96b3bc02f5636f4b1fc0c03b5b21082930f42101b7d18a6e28cf459e93610a7fabdf4ee0dde63a6375e6a
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2