3e656c26bcb61fd298e40b8c1f737a98bf61306321cbaaedd860175cef54b817 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e656c26bcb61fd298e40b8c1f737a98bf61306321cbaaedd860175cef54b817.exe
Size

890KB
Sample

240604-sxg8hscb78
MD5

8a74d68183d93cd37e618f68097db773
SHA1

7bb4aae1c89a47edf441daa545051a34fc2a85ca
SHA256

3e656c26bcb61fd298e40b8c1f737a98bf61306321cbaaedd860175cef54b817
SHA512

90242ed47af21664ece4a5352f2559716d057ae0a37888b7c941fed0a4637c4b59d06b3e03970c12596e83750822bd602131f18a2891319dc0f775234d03c829
SSDEEP

24576:i7by52GN5i44Ca7YBFjEUfM1JFV07jFqQNrWCFM:i7by52GN5i44r7YBFjZkVug2WC

Score

8^/10

execution

Malware Config

Targets

- Target
  
  3e656c26bcb61fd298e40b8c1f737a98bf61306321cbaaedd860175cef54b817.exe
- Size
  
  890KB
- MD5
  
  8a74d68183d93cd37e618f68097db773
- SHA1
  
  7bb4aae1c89a47edf441daa545051a34fc2a85ca
- SHA256
  
  3e656c26bcb61fd298e40b8c1f737a98bf61306321cbaaedd860175cef54b817
- SHA512
  
  90242ed47af21664ece4a5352f2559716d057ae0a37888b7c941fed0a4637c4b59d06b3e03970c12596e83750822bd602131f18a2891319dc0f775234d03c829
- SSDEEP
  
  24576:i7by52GN5i44Ca7YBFjEUfM1JFV07jFqQNrWCFM:i7by52GN5i44r7YBFjZkVug2WC
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2