General
-
Target
INV&PL.exe
-
Size
888KB
-
Sample
240611-qzqassyeqb
-
MD5
3d62e0fc4fca8100b42897e70a53d231
-
SHA1
330509cdadfcf790502287f308c30f2f273f2da3
-
SHA256
e8337caecb446835a9104cbc6bccf21fb76c0ab31a285a5e2049be0b1a6bc273
-
SHA512
bd27f9c93cd80df38221090c21a894676220129f2942e2e1884a47054ff7643de7903384e4033131b758974c876fefed86e4e6c6a30297e6e30e60968101642f
-
SSDEEP
12288:Q1ZBq7/ExfbSRmrZn9gHLYBrsd5dewor0FPpDI5mMXoWV2woUb+gRyd1wV1ERc1:Q1Z07/ExfbVrZn9GXd/cm05mMXzvr+qp
Malware Config
Targets
-
-
Target
INV&PL.exe
-
Size
888KB
-
MD5
3d62e0fc4fca8100b42897e70a53d231
-
SHA1
330509cdadfcf790502287f308c30f2f273f2da3
-
SHA256
e8337caecb446835a9104cbc6bccf21fb76c0ab31a285a5e2049be0b1a6bc273
-
SHA512
bd27f9c93cd80df38221090c21a894676220129f2942e2e1884a47054ff7643de7903384e4033131b758974c876fefed86e4e6c6a30297e6e30e60968101642f
-
SSDEEP
12288:Q1ZBq7/ExfbSRmrZn9gHLYBrsd5dewor0FPpDI5mMXoWV2woUb+gRyd1wV1ERc1:Q1Z07/ExfbVrZn9GXd/cm05mMXzvr+qp
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-