4a4ea86aecf0d25c3714ebb60fd791933bbb28471a8fd717c0c61ccf61e92be9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b8699718f72b9ab820a060e616955d0.bin
Size

740KB
Sample

240613-b4l2lstbqk
MD5

fb9caca0756a63d75c274989ae5c3597
SHA1

eeb4300b5fd9d0ac3b3c433cb4c94ac1e27b1e6c
SHA256

4a4ea86aecf0d25c3714ebb60fd791933bbb28471a8fd717c0c61ccf61e92be9
SHA512

c91c79cfacc6a54ab07425a51c452ada848b89d25538e9dced2ed22882db093d6dcc450d9c446395245dae3600fb020f9c92882707d150534be1a3ccd29c7351
SSDEEP

12288:I0OtD7pxNqC3Jb9tn2jR7906dqLWDg9mpIUVzeNX3BDhrcujOjgbPpNTNo9sH3:2tDtquJfnqR7a6It9mpIgSt3JBcbjgl7

Score

8^/10

execution

Malware Config

Targets

- Target
  
  b1347714d02fd4e8d61bb36d2559ecfc692417fd743df8a59d961fe42c6b1ac7.exe
- Size
  
  885KB
- MD5
  
  6b8699718f72b9ab820a060e616955d0
- SHA1
  
  f64c6724cf94781136307cace8f7fd3f5a762034
- SHA256
  
  b1347714d02fd4e8d61bb36d2559ecfc692417fd743df8a59d961fe42c6b1ac7
- SHA512
  
  b7a56c11d9fa08587009e4a6e394e8b4bafb37068451bf2a5795cfa20a269b8872a1838c195333d0a7f92efb8913ebe608ab9c04cc5097c8a48ef775621222bc
- SSDEEP
  
  24576:0g61jjk0LAta9AUDIDsHD7kJ6qUDk0spGhDeq+g92ze:wksjQJmkWh6q+rz
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2