89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257 | Triage

Sharing

General

Target

89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
Size

730KB
Sample

240522-cmdvcahc2s
MD5

16df5928c906e18b91ee87172d94b874
SHA1

f250edf940f62a4265b4ebdc763739e28c37f9f6
SHA256

89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
SHA512

9cce8a9dfa0ed10b506d2c8e1ffe940b49886afb1d4af539b49f87a0939e6953ac5c90f4545901be2d3c5109a7bc5bc98883a235c83e09c0530fdecba676bd4c
SSDEEP

12288:WzYn6yM/fPyNSXkan+MwP4/iNhyfb69S453cctk1x7gXYZuK:Fn6D/SNQww/iN8fb9XWk/0I1

Score

8^/10

execution

Malware Config

Targets

- Target
  
  89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
- Size
  
  730KB
- MD5
  
  16df5928c906e18b91ee87172d94b874
- SHA1
  
  f250edf940f62a4265b4ebdc763739e28c37f9f6
- SHA256
  
  89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
- SHA512
  
  9cce8a9dfa0ed10b506d2c8e1ffe940b49886afb1d4af539b49f87a0939e6953ac5c90f4545901be2d3c5109a7bc5bc98883a235c83e09c0530fdecba676bd4c
- SSDEEP
  
  12288:WzYn6yM/fPyNSXkan+MwP4/iNhyfb69S453cctk1x7gXYZuK:Fn6D/SNQww/iN8fb9XWk/0I1
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2