Overview

overview

9

Static

static

1

EXM Free T...V4.cmd

windows10-1703-x64

9

EXM Free T...V4.cmd

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EXM Free Tweaking Utility V4.cmd

  • Size

    192KB

  • Sample

    240513-1t2fzsfc3v

  • MD5

    5d4024dde246ff126767186d20899895

  • SHA1

    0765531c063c5543421b40509ab4566924ea5375

  • SHA256

    4c20b33891525d3cd94a415fffab3d2bc8337353106e1c4eea1591bc00cf55f9

  • SHA512

    ddc0f1e771114614d084d45b68808a953b5d11ea3946998fe7d4dde457f58ac508416eafd0be81cb4310b4c0a64e3a797a1f43b4033ede02dbe6dbde9f8dcb16

  • SSDEEP

    1536:38QH77mC55szEnSC/DAD1xsIvCnxkrwCrwbr2m+Wm:MysALp/W

Score
9/10
evasionexecutionpersistenceransomware

Malware Config

Targets

    • Target

      EXM Free Tweaking Utility V4.cmd

    • Size

      192KB

    • MD5

      5d4024dde246ff126767186d20899895

    • SHA1

      0765531c063c5543421b40509ab4566924ea5375

    • SHA256

      4c20b33891525d3cd94a415fffab3d2bc8337353106e1c4eea1591bc00cf55f9

    • SHA512

      ddc0f1e771114614d084d45b68808a953b5d11ea3946998fe7d4dde457f58ac508416eafd0be81cb4310b4c0a64e3a797a1f43b4033ede02dbe6dbde9f8dcb16

    • SSDEEP

      1536:38QH77mC55szEnSC/DAD1xsIvCnxkrwCrwbr2m+Wm:MysALp/W

    Score
    9/10
    evasionexecutionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks