0645a3dbabc5303c3a6734b4734034e01980b83df681842c1e41dbea07e10176 | Triage

Sharing

General

Target

4fba81c31556cbcb2e3cc13829ebd1fc.bin
Size

723KB
Sample

240613-bzcblsshqr
MD5

7ec3d7e743c7fc0b3af761913b83a40c
SHA1

99951225fd4efab0f429f02daa7415f082897cac
SHA256

0645a3dbabc5303c3a6734b4734034e01980b83df681842c1e41dbea07e10176
SHA512

dc53a69dfc4148012376969c8c7438b860d3f2318adea080a5d4851e49512430465fca478d965d265753be2ced91d1787c0c7689e100d5bef6ca5f48b5ee0a72
SSDEEP

12288:P60giFXLB+651Rxu1eqBvlAWoXi0ci4mkOEfd8vzC8DLh+xDEiKtoRb1/Ueia/XR:i0giZ1fuhBvlAWCi79mkOvzC8p+xTKt2

Score

8^/10

execution

Malware Config

Targets

- Target
  
  9c5cc57f344f2469a4c5f3b67c252fb72e8a12de742f96b697fa5f5d544513a1.exe
- Size
  
  788KB
- MD5
  
  4fba81c31556cbcb2e3cc13829ebd1fc
- SHA1
  
  16fa151c4117fe19fb2a6431ccd3ba5b6d9d2ed4
- SHA256
  
  9c5cc57f344f2469a4c5f3b67c252fb72e8a12de742f96b697fa5f5d544513a1
- SHA512
  
  ec31ad781ac6086ccdda8dfa7c4e1ffc8ede7ba4665755a1ae89c1e6a7f52b33e7e3c4ed09b08f17b277f4e08e2364f360dd9944b3d69bc721827c67a98f95a4
- SSDEEP
  
  24576:O95C6RrjOyvoQUYGNZgpo3DbrjXXPA+erA:OjRrKyvoQUVNZKo3DX7XJ
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2