General

  • Target

    cb76abe70c6500321b07c9141a933150.bin

  • Size

    742KB

  • Sample

    240613-cqhygavbpp

  • MD5

    95872bcc3e91804afdc2f531d8c52f53

  • SHA1

    9b02cfeda1cd5c616d3a2469f445184aa9cde623

  • SHA256

    712f1d60bb34625bdbb95ad328d08eec8edb5827f2a8947d07a4aff253f75208

  • SHA512

    9623f0cc2189940f99f915519c576115ec3e8c048b28cd4b888269f055d8cb2e609dc10afb17419fd4a6bbe785b41212ca2d3eaff0785648290cef8bb0cae006

  • SSDEEP

    12288:iXoAx2PAo8D+Tr/FewKHkN2vLc5vonE0Hl+MJb/jWiV43cxEc7ruLvVo4PwAFJtU:iXos2Pb8gTFRQvPJb/jNRxEFL9o4PRF8

Score
8/10

Malware Config

Targets

    • Target

      58fb2eef2cb867a0316df7cd3d833333dc48653eb2c9e1f639c9f749ec39f265.exe

    • Size

      886KB

    • MD5

      cb76abe70c6500321b07c9141a933150

    • SHA1

      4ffebb292fa0edac17fe9c7705974ef2a2bccca4

    • SHA256

      58fb2eef2cb867a0316df7cd3d833333dc48653eb2c9e1f639c9f749ec39f265

    • SHA512

      5b5e732ebd88d9cd7d065a90a4db1f6f9ac5ddec76664aa3a44ad5262df9b2dcf6a57208f29cd31503b93e609d1c22b1a761475f250ce9b3148dfcbd5b46cdde

    • SSDEEP

      24576:qg61jjk0LAta9A9DIrXlmoJcI67CoXq/la7vDLlEwXAYs:5UXlmIRD4EliDBEwI

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks