e2a1386069229c6a4f15d8cea2ceaafe0ba1a7b4503aad69fd6e45d9a0279823 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Halkbank_Ekstre_20240613_075839_278831.exe
Size

902KB
Sample

240613-l8kdpathqa
MD5

eda5836ae8925c04aff0a91d9dd58a3c
SHA1

2f6f2f78db12779a33a55e45881e0c2153b9c411
SHA256

e2a1386069229c6a4f15d8cea2ceaafe0ba1a7b4503aad69fd6e45d9a0279823
SHA512

9c4953e6e9ef8a7c6bd00ded5e0cfad48f86a1407123c5fb50e414a87d9b8183db8ae6b009caaefbd8c4d252b33d258aba39db9670f6dd4d4cb76592fe06b70a
SSDEEP

24576:sNmyC5T2GSfiqJ1871z7ByfCgd3wM4LyZsVAo:t392Df1b3Rewo

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Halkbank_Ekstre_20240613_075839_278831.exe
- Size
  
  902KB
- MD5
  
  eda5836ae8925c04aff0a91d9dd58a3c
- SHA1
  
  2f6f2f78db12779a33a55e45881e0c2153b9c411
- SHA256
  
  e2a1386069229c6a4f15d8cea2ceaafe0ba1a7b4503aad69fd6e45d9a0279823
- SHA512
  
  9c4953e6e9ef8a7c6bd00ded5e0cfad48f86a1407123c5fb50e414a87d9b8183db8ae6b009caaefbd8c4d252b33d258aba39db9670f6dd4d4cb76592fe06b70a
- SSDEEP
  
  24576:sNmyC5T2GSfiqJ1871z7ByfCgd3wM4LyZsVAo:t392Df1b3Rewo
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2