23beb6b275ac88cf051af88b0f16260a5b657bbe74c7df2de667791623bd41ff | Triage

Sharing

General

Target

23beb6b275ac88cf051af88b0f16260a5b657bbe74c7df2de667791623bd41ff
Size

781KB
Sample

240613-zcr1jszbnh
MD5

c5c65ce640d41c1d6cac040cd1e292bf
SHA1

e6342ce30044b92d67d60ac4d4b7324608dfe7a7
SHA256

23beb6b275ac88cf051af88b0f16260a5b657bbe74c7df2de667791623bd41ff
SHA512

0e8a65a4f42be59ab1a1d2e7492c410df7f2447950dad478641834fe025e5734d676f4e370f051e4a33979a366140870d35ac6c487f04a9bcc3cffb35da9a190
SSDEEP

12288:eWdXtfETq44h2pXpPR5fJTOGwJDvC8miNc/NDRNfUyys1I/tNxdSEgf0qk0IU+IY:ld92B5Xf3w1msc1Dki8vyq030J

Score

8^/10

execution

Malware Config

Targets

- Target
  
  23beb6b275ac88cf051af88b0f16260a5b657bbe74c7df2de667791623bd41ff
- Size
  
  781KB
- MD5
  
  c5c65ce640d41c1d6cac040cd1e292bf
- SHA1
  
  e6342ce30044b92d67d60ac4d4b7324608dfe7a7
- SHA256
  
  23beb6b275ac88cf051af88b0f16260a5b657bbe74c7df2de667791623bd41ff
- SHA512
  
  0e8a65a4f42be59ab1a1d2e7492c410df7f2447950dad478641834fe025e5734d676f4e370f051e4a33979a366140870d35ac6c487f04a9bcc3cffb35da9a190
- SSDEEP
  
  12288:eWdXtfETq44h2pXpPR5fJTOGwJDvC8miNc/NDRNfUyys1I/tNxdSEgf0qk0IU+IY:ld92B5Xf3w1msc1Dki8vyq030J
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2