ea3e61a4e7f5d6b31d5b822e05c47cce4706edda113bc1fa1a5bbdc5bd79ce8f | Triage

Sharing

General

Target

ea3e61a4e7f5d6b31d5b822e05c47cce4706edda113bc1fa1a5bbdc5bd79ce8f
Size

680KB
Sample

240529-cvndraeg7y
MD5

9afd82432745c98050a3c845ecc8d535
SHA1

afbefc74e461136d4e951fc31a7fabfe9b96d301
SHA256

ea3e61a4e7f5d6b31d5b822e05c47cce4706edda113bc1fa1a5bbdc5bd79ce8f
SHA512

fb350292c417038ed66909892b6da631fab04916644c518747d2e762598ee2f3c3f98ab81aa6d2d31dd40bebdbe59d527fa7c39c57f498cf62bd1180f64399b5
SSDEEP

12288:sg0YCt1Q9WiVZssCeggKFN2TdiZOuM1WbwUX8vda/LwSuEEHbv9pNSGO97:7ssWassCehUdM1G8vE/kSjKPe7

Score

8^/10

execution

Malware Config

Targets

- Target
  
  ea3e61a4e7f5d6b31d5b822e05c47cce4706edda113bc1fa1a5bbdc5bd79ce8f
- Size
  
  680KB
- MD5
  
  9afd82432745c98050a3c845ecc8d535
- SHA1
  
  afbefc74e461136d4e951fc31a7fabfe9b96d301
- SHA256
  
  ea3e61a4e7f5d6b31d5b822e05c47cce4706edda113bc1fa1a5bbdc5bd79ce8f
- SHA512
  
  fb350292c417038ed66909892b6da631fab04916644c518747d2e762598ee2f3c3f98ab81aa6d2d31dd40bebdbe59d527fa7c39c57f498cf62bd1180f64399b5
- SSDEEP
  
  12288:sg0YCt1Q9WiVZssCeggKFN2TdiZOuM1WbwUX8vda/LwSuEEHbv9pNSGO97:7ssWassCehUdM1G8vE/kSjKPe7
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2