General
-
Target
b8c023bb3fb868b10c263887886704bdcf21c450424362971cafca2e393dae05
-
Size
748KB
-
Sample
240523-ct5xeaad6w
-
MD5
65536ee42cdda6c58008dcc92d563851
-
SHA1
7acbd217db3ec84fb53a72586fd96b88f6514b9c
-
SHA256
b8c023bb3fb868b10c263887886704bdcf21c450424362971cafca2e393dae05
-
SHA512
8dcda62cd9a6f79acddf23aeed4757801fb8dcdcb37f914670e5dec08a41e362fec58f555566336dad94974b1ea11b6db6722fc3b8bea4e223dbb3c1948c3d82
-
SSDEEP
12288:xHpoTe1IgmfrcaFns9Hx3Hk0Io2vy2EEfMrTx/Q/MOTdsMgSRJwx+nPLPk2ll:JpowKfrcaFQ3kvy2EbT60OxsMgSRs+
Malware Config
Targets
-
-
Target
b8c023bb3fb868b10c263887886704bdcf21c450424362971cafca2e393dae05
-
Size
748KB
-
MD5
65536ee42cdda6c58008dcc92d563851
-
SHA1
7acbd217db3ec84fb53a72586fd96b88f6514b9c
-
SHA256
b8c023bb3fb868b10c263887886704bdcf21c450424362971cafca2e393dae05
-
SHA512
8dcda62cd9a6f79acddf23aeed4757801fb8dcdcb37f914670e5dec08a41e362fec58f555566336dad94974b1ea11b6db6722fc3b8bea4e223dbb3c1948c3d82
-
SSDEEP
12288:xHpoTe1IgmfrcaFns9Hx3Hk0Io2vy2EEfMrTx/Q/MOTdsMgSRJwx+nPLPk2ll:JpowKfrcaFQ3kvy2EbT60OxsMgSRs+
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-