General

  • Target

    05062024_1650_04062024_PAYMENT.tar

  • Size

    677KB

  • Sample

    240605-vcbaksdb75

  • MD5

    ca7ace330ff3ab447070069e982b97cd

  • SHA1

    52bfe9027828d7767f77c2775e28f0ad3c8e9543

  • SHA256

    bc56a68f9f0eb0b52616b59bb4050aededc7ce84b756306d5b85a1dd0c3e51ba

  • SHA512

    8d43c3760b90045a5100e989a881c4c2a6bc197bf6e11363ce8da5a23ddd473aa604f8c8203ddfc5bef9e28d728d13673480edd61912aa968ba13877273c27e9

  • SSDEEP

    12288:XvB6c1X2uYCDQq6pJdh89b3BdIzPXxouafGpJcPJXKy0Gpy0Mlj5osBDW:Xs7ud6Rh4/aiVfG7ByVpGdW

Score
8/10

Malware Config

Targets

    • Target

      PAYMENT/PAYMENT.exe

    • Size

      718KB

    • MD5

      e5fb1ad0fe2d7dac48b746ae3b30efa5

    • SHA1

      9333774c9852c0a44ef0424d7e3a5cca3191f407

    • SHA256

      99eca75ecef2bc528d8aed538d1eb4517176948bd6688fc18cd915e0312c9da2

    • SHA512

      091cf8131dc054a61774b17dcb9c032666817f7e3760d194716dfc406ea78df66a85f90bd0b4136cebaadd7f01c5fba0bf2ca09b87e3c4be189bd70426e8b049

    • SSDEEP

      12288:U34O+O4KNr+u/7mwQL2Hh4LJl8PcMaAqLT/hLP9Fb03gYYdVFaDRGO7NyxBCV:U3lCu/6wQn9CPcMaPLz1sY7Fa9dNyxgV

    Score
    8/10

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks