f1aca41e797446c56c1d4d24c967c7711a6c520bfd475fda3d2482c07a65036d | Triage

Sharing

General

Target

f1aca41e797446c56c1d4d24c967c7711a6c520bfd475fda3d2482c07a65036d.exe
Size

881KB
Sample

240523-cn99yaab4y
MD5

0e2107bb56e8af303fc9a1dc338ba88c
SHA1

828375d4e80328a7041fe25a39315cc9555b9c4d
SHA256

f1aca41e797446c56c1d4d24c967c7711a6c520bfd475fda3d2482c07a65036d
SHA512

23b285db48fb638fcc06f825e987035ca9f192f490c555ce6fdf4499b34e394fdf71f3ce8062f8d4e51149a3f11ab6425d5d74b7dbbfc3b58ace8c59cb97ff87
SSDEEP

24576:0w4bjw4bOM134I7SKTj9BfhyrbiKmM/+tJu6Y75:0w4bjw4bD1346SqxC/+tQ6G5

Score

8^/10

execution

Malware Config

Targets

- Target
  
  f1aca41e797446c56c1d4d24c967c7711a6c520bfd475fda3d2482c07a65036d.exe
- Size
  
  881KB
- MD5
  
  0e2107bb56e8af303fc9a1dc338ba88c
- SHA1
  
  828375d4e80328a7041fe25a39315cc9555b9c4d
- SHA256
  
  f1aca41e797446c56c1d4d24c967c7711a6c520bfd475fda3d2482c07a65036d
- SHA512
  
  23b285db48fb638fcc06f825e987035ca9f192f490c555ce6fdf4499b34e394fdf71f3ce8062f8d4e51149a3f11ab6425d5d74b7dbbfc3b58ace8c59cb97ff87
- SSDEEP
  
  24576:0w4bjw4bOM134I7SKTj9BfhyrbiKmM/+tJu6Y75:0w4bjw4bD1346SqxC/+tQ6G5
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2