General

  • Target

    17220843979.zip

  • Size

    713KB

  • Sample

    240516-ek4zvsbd98

  • MD5

    5a5e215a26ce8cc313acfbd73e50b736

  • SHA1

    394efd1a60d7209e4f06c4c765e7129b7882b4b8

  • SHA256

    b6b37f1ca402d15433f714632bac7a44464bb1b978e4ce93cc0a1ffe303b27eb

  • SHA512

    ae6b1d7d1a638bc9b39a9895ca37a500fbc59b14de470fb6cf6cd0c5132b414d8ef0b7effda9a40a31dfe51fc655edf2aff1856f25773da05794f01d6d38f431

  • SSDEEP

    12288:2rqa+ymfVyJdxHAes6YTLiHmb7rt0BzcIK1YpuLpcX3XIkY8hRKiQkrdckJ1FsZ1:2rqjyCVkK2mb7x0GbNS1ThTQhknFsZ1

Score
8/10

Malware Config

Targets

    • Target

      42626dcc527d3da8d901ace84bccea6dd2a4b2b48d63c927fcae507e522c1e0a

    • Size

      807KB

    • MD5

      af11e0c794bec72b5a187164b0bda4f4

    • SHA1

      7b0042a7ce2e6f9888e2eabb9aaa1a72f69ad367

    • SHA256

      42626dcc527d3da8d901ace84bccea6dd2a4b2b48d63c927fcae507e522c1e0a

    • SHA512

      78bbcabf232dd5b16011d2a1e075c616f18b6b9191bbfb23b5789de6e08a23d6355e0ded855d41d1db7df49d98284e44489a8713e13ab86f81664b656102e019

    • SSDEEP

      24576:0mgXjxw/KeEXeSfgvh76tL6jCbsS003KKgVFnT97xW:T6dPeEouJgHS3lgVFNxW

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so the dropped payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; outside a debugger it is typically seen when a process injects code into a suspended child (process hollowing) or hijacks an existing thread to run injected code.
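
As an added triage example (not part of this report or of the sandbox's own signature logic), the Python below runs a check for the first two behaviours listed above over a few constructed telemetry events: a PowerShell command line that edits Defender exclusions through Add-MpPreference / Set-MpPreference, and registry reads of the keys that hold the configured country or language. The event shape, field names, image paths and sample values are assumptions; the cmdlet names and registry locations are the standard Windows ones. It also expands abbreviated parameter names, since PowerShell accepts any unambiguous prefix (-ExclusionPr is -ExclusionProcess), which a naive string match for "-ExclusionProcess" would miss.

```python
import re

# Constructed sample events (not taken from the report above): the shape a
# sandbox or EDR process/registry telemetry feed might produce.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell.exe -NoP -W Hidden -Command "
                 "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
                 "-ExclusionExtension exe,dll -ExclusionPr svchost.exe\"")},
    {"type": "registry_read",
     "image": r"C:\Users\Public\update.exe",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "registry_read",
     "image": r"C:\Users\Public\update.exe",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
     "value": "InstallLanguage"},
    {"type": "process",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo benign"},
]

# Add-MpPreference / Set-MpPreference are the documented cmdlets for editing
# Defender exclusions. PowerShell resolves any unambiguous parameter prefix,
# so "-ExclusionPr" means "-ExclusionProcess".
MP_CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
EXCLUSION_PARAM_RE = re.compile(r"(?i)-Exclusion(\w*)")
EXCLUSION_KINDS = ("Path", "Process", "Extension", "IpAddress")

# Registry values that reveal the configured country/language. A read of
# these by a non-system binary is the signal behind the "location settings"
# signature. Stored lower-cased so comparisons are case-insensitive.
LOCALE_VALUES = {
    (r"hkcu\control panel\international\geo", "nation"),        # GeoID, e.g. 244 = US
    (r"hkcu\control panel\international", "localename"),
    (r"hklm\system\currentcontrolset\control\nls\language", "installlanguage"),
    (r"hklm\system\currentcontrolset\control\nls\language", "default"),
}


def exclusion_kind(suffix: str) -> str:
    """Expand a possibly abbreviated -Exclusion* parameter to its full name.

    An ambiguous prefix such as "-ExclusionP" (Path or Process) is a
    PowerShell binding error, not a real exclusion, so it is reported as
    "Unknown" rather than guessed at.
    """
    matches = [k for k in EXCLUSION_KINDS if k.lower().startswith(suffix.lower())]
    return matches[0] if len(matches) == 1 else "Unknown"


def triage(events):
    """Return one finding per event that matches either behaviour."""
    findings = []
    for ev in events:
        if ev["type"] == "process" and MP_CMDLET_RE.search(ev["cmdline"]):
            kinds = sorted({exclusion_kind(s)
                            for s in EXCLUSION_PARAM_RE.findall(ev["cmdline"])})
            if kinds:
                findings.append({
                    "signature": "Command and Scripting Interpreter: PowerShell",
                    "detail": "Defender exclusions added: " + ", ".join(kinds),
                    "image": ev["image"],
                })
        elif ev["type"] == "registry_read":
            if (ev["key"].lower(), ev["value"].lower()) in LOCALE_VALUES:
                findings.append({
                    "signature": "Checks computer location settings",
                    "detail": f"read {ev['key']}\\{ev['value']}",
                    "image": ev["image"],
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['signature']}] {f['image']}: {f['detail']}")
```

On a real host the same check can be run retrospectively: PowerShell script block logging (Event ID 4104) captures the Add-MpPreference text even when the command line is hidden, and Get-MpPreference lists the exclusions that are currently in force so they can be compared against a known baseline.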

MITRE ATT&CK Enterprise v15

Tasks