General
Target: GWBI7H74fhGgtebteb5GSR
Size: 6.8MB
Sample: 240618-qhn2eaygrj
MD5: ab7f07e0cb724902d34ca82aa83e81e3
SHA1: becb5b9765615596028a004fc85f70a6064909be
SHA256: 4e6e5e416417e302fd44f0e1c2106f8aa2c77a24cb363cbf49e12077a641cf6e
SHA512: e8e09127eb674403002323e43df20a34125c9ebbcc6cb6da387f5b4f742c2dd1e3cdfa5919d3ce67f16d3bd344313f5ac4a15042f200d83b662bcf036a6d4d9f
SSDEEP: 196608:w3/NrzAltdolcv92Zg1kOhJmWhxbxiz3bdJqwd9mnC3QLexvLvtGSKFW:aNrnlAUZg1kqJmuxc3BJqs91g6xJGSK0
Behavioral task: behavioral1
Sample: GWBI7H74fhGgtebteb5GSR.exe
Resource: win7-20231129-en
Malware Config
Targets
Target: GWBI7H74fhGgtebteb5GSR
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Defense Evasion: Modify Registry (1), Subvert Trust Controls (1), Install Root Certificate (1)
Credential Access: Unsecured Credentials (2), Credentials In Files (1), Credentials in Registry (1)