General

  • Target

    processlassosetup64.exe

  • Size

    2.5MB

  • Sample

    240526-nn8lwsgg3y

  • MD5

    358915d6380a157ac8536b18fdb28a7c

  • SHA1

    7c91f36ca72297fdca49034fcd515f58563593f9

  • SHA256

    4f0bbba52d150871cdd6d354fc40ad7634ab0598ff69048faa73f2e70ba35279

  • SHA512

    2f15173c3dbcde668bcd787607c6dbd1ec7e621438fd70ccfa2669c97766d5c7060686cbfc0de94d1b47b0db110274630391866d15ff138a53799cacc7498ee6

  • SSDEEP

    49152:t6LF24Q4O63rWluYp9VPMYHgJPsg3avKpufa3/kyzamgFkci5:tGe4t3rWfHVPJ8Zavdk/kyzaiD

Score
6/10

Targets

    Score
    6/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
