505749e24d2ed2cef8c810c1b363d677192dffa0602562ec1d583d1024428ff3 | Triage

Sharing

General

Target

505749e24d2ed2cef8c810c1b363d677192dffa0602562ec1d583d1024428ff3
Size

2KB
Sample

241120-dnzc4syrdt
MD5

7181932499a362d0f511204daff892a1
SHA1

74e4f14fb09a5179df694ad88af7966cbd86c05e
SHA256

505749e24d2ed2cef8c810c1b363d677192dffa0602562ec1d583d1024428ff3
SHA512

1898ce02e0fc27510c688d1ece348afb38eb86f5525f49b126d11e33fbf6263cff0e84fb3f54a844e26cc8694bb578b00c94f0dcf847e764ae0cf7f12186ed0e

Score

8^/10

execution

Malware Config

Targets

- Target
  
  505749e24d2ed2cef8c810c1b363d677192dffa0602562ec1d583d1024428ff3
- Size
  
  2KB
- MD5
  
  7181932499a362d0f511204daff892a1
- SHA1
  
  74e4f14fb09a5179df694ad88af7966cbd86c05e
- SHA256
  
  505749e24d2ed2cef8c810c1b363d677192dffa0602562ec1d583d1024428ff3
- SHA512
  
  1898ce02e0fc27510c688d1ece348afb38eb86f5525f49b126d11e33fbf6263cff0e84fb3f54a844e26cc8694bb578b00c94f0dcf847e764ae0cf7f12186ed0e
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2