b19d5b161b83c193d016f74647fc1d2a9f1e6636c5afd7ce62ff4ee01710daf7 | Triage

Sharing

General

Target

b19d5b161b83c193d016f74647fc1d2a9f1e6636c5afd7ce62ff4ee01710daf7
Size

2KB
Sample

241120-rqdq3ssndp
MD5

c0d7fcd20cbc603528ade0b5a1a3a7ce
SHA1

7b35c86a7776ec8af3ee1d02ea9b5b181f7fe74f
SHA256

b19d5b161b83c193d016f74647fc1d2a9f1e6636c5afd7ce62ff4ee01710daf7
SHA512

9bd83f70258cce6affd665caeca22b7373b679c62294261d5746c40fa37fc345f8ebb921bb4b46994cbda691d0ea13939dfc8e66258af3ca5245dc7b6ad7bd64

Score

8^/10

execution

Malware Config

Targets

- Target
  
  b19d5b161b83c193d016f74647fc1d2a9f1e6636c5afd7ce62ff4ee01710daf7
- Size
  
  2KB
- MD5
  
  c0d7fcd20cbc603528ade0b5a1a3a7ce
- SHA1
  
  7b35c86a7776ec8af3ee1d02ea9b5b181f7fe74f
- SHA256
  
  b19d5b161b83c193d016f74647fc1d2a9f1e6636c5afd7ce62ff4ee01710daf7
- SHA512
  
  9bd83f70258cce6affd665caeca22b7373b679c62294261d5746c40fa37fc345f8ebb921bb4b46994cbda691d0ea13939dfc8e66258af3ca5245dc7b6ad7bd64
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2