General
-
Target
00669b262ae0e4d8bd79bd670efd9c435981b6f5ac49dfe4a73eef47f86f1c66.exe
-
Size
2.6MB
-
Sample
240520-ytxrpafa73
-
MD5
a6dc1d2eb796b0e35fc03d0775c86210
-
SHA1
7668f244821f311e7f0a38096265c7168501225c
-
SHA256
00669b262ae0e4d8bd79bd670efd9c435981b6f5ac49dfe4a73eef47f86f1c66
-
SHA512
724568882441c99b5450ae5095e57681b3b37526dc5009b6e17380680e18fae3382e98831e02b3382da74dfbd4882f3db27c9cd57b79c68a210230ae21822f82
-
SSDEEP
49152:eOHc/pm5INpTK7+tzOn/AWBsLWqbaKNTznun4pr7wdhmx:eOipm5H7+mrBsLoKZnu4pchW
Malware Config
Targets
-
-
Target
00669b262ae0e4d8bd79bd670efd9c435981b6f5ac49dfe4a73eef47f86f1c66.exe
-
Size
2.6MB
-
MD5
a6dc1d2eb796b0e35fc03d0775c86210
-
SHA1
7668f244821f311e7f0a38096265c7168501225c
-
SHA256
00669b262ae0e4d8bd79bd670efd9c435981b6f5ac49dfe4a73eef47f86f1c66
-
SHA512
724568882441c99b5450ae5095e57681b3b37526dc5009b6e17380680e18fae3382e98831e02b3382da74dfbd4882f3db27c9cd57b79c68a210230ae21822f82
-
SSDEEP
49152:eOHc/pm5INpTK7+tzOn/AWBsLWqbaKNTznun4pr7wdhmx:eOipm5H7+mrBsLoKZnu4pchW
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-