c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9 | Triage

Sharing

General

Target

c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
Size

712KB
Sample

240523-cfxzmshg2w
MD5

34d1fa82399358cfc800d7b2a1d3aa13
SHA1

0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc
SHA256

c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9
SHA512

56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629
SSDEEP

12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w

Score

8^/10

execution

Malware Config

Targets

- Target
  
  c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
- Size
  
  712KB
- MD5
  
  34d1fa82399358cfc800d7b2a1d3aa13
- SHA1
  
  0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc
- SHA256
  
  c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9
- SHA512
  
  56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629
- SSDEEP
  
  12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2