General

  • Target

    WRQDouwL.png.ps1

  • Size

    304KB

  • Sample

    241129-q2xsnasrgn

  • MD5

    803d84838415f3c36742821f70203a8f

  • SHA1

    e3b4bc28676f9f1c2c71fff706d240e9557df75e

  • SHA256

    e20d63d82415c54f408d750f77b1442b4540e1e7eca70cc5e77fc06a093a1eec

  • SHA512

    e083ed91c0eb5316d12ba090f2c14ed8a01075ebbb25a47f1f30ef56bf9877556aebb9e12ea0d39ef7ff5fcfd98e43c6c4fdb828936264e5abe75f2620277000

  • SSDEEP

    1536:xoXGg/lCHSnPiCqoUZRCHJt50IRNGTRwOs3iFXO57fEPmjwl3Fo5+w5vKBx9SG0W:fmmp

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Download via BitsAdmin

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.
