General

  • Target

    c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9

  • Size

    712KB

  • Sample

    240522-xkwbtscg4s

  • MD5

    34d1fa82399358cfc800d7b2a1d3aa13

  • SHA1

    0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc

  • SHA256

    c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9

  • SHA512

    56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629

  • SSDEEP

    12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w

Score
8/10

Malware Config

Targets

    • Target

      c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9

    • Size

      712KB

    • MD5

      34d1fa82399358cfc800d7b2a1d3aa13

    • SHA1

      0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc

    • SHA256

      c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9

    • SHA512

      56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629

    • SSDEEP

      12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks