General

  • Target

    c392d4188393f4a82d6b47c3fc4099e2.bin

  • Size

    713KB

  • Sample

    240613-cqbjdsvbnp

  • MD5

    4e56e64e34ef690a2655574351a65763

  • SHA1

    458a50d8991defa358d3b5d0ea64f72f1565f94f

  • SHA256

    5760140c8cfa4e4cbb2a42cd839ad60c7e155526159b1fb0b51b28275f2c6750

  • SHA512

    2ff2dd63e355cddbe81c9d1a581c29a8700dd4392fa433a4d9cfd673d96648173d32ee39c814766907c241988c463e73341e462ae606a9f3aa4552e20cdf41af

  • SSDEEP

    12288:kuYjIG2/f/y4l16K7pzdLDPv0w1dD5VMvmsvZhNimKrEe6rsoSRTJQltYuNXcW5C:kuYI3//77BdPH3BMBBFKr/ro4VI2

Score
8/10

Malware Config

Targets

    • Target

      684b898fd7fed76973c556a948858f5aa69ecaca176fa5e856ecd246a8c57565.exe

    • Size

      744KB

    • MD5

      c392d4188393f4a82d6b47c3fc4099e2

    • SHA1

      fdda6b1da9c657e840212518d3854acabb4cdbf3

    • SHA256

      684b898fd7fed76973c556a948858f5aa69ecaca176fa5e856ecd246a8c57565

    • SHA512

      43824c2258edc9d09dfe52ed96bc53862e3a9512803cccbce3158ac34f90904d6feb113c369afa955b73489d2b6be287a253b7d20569fb719ce114b5f8eea6da

    • SSDEEP

      12288:GX0pxoBV36Di8BtLySdcLrALrHpzNmZFwPExmG3tff/5Kg/guLU8GpX/4d9UeRSs:8BFKReQ/JzcFwPExNt/5F4CUbw1SFth

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks