e6857118aea19c18f962e1360848b8061eceeb5a601d5a331589ae8fa412f0e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Shipping documents.bat.exe
Size

657KB
Sample

240625-fnjzjaveqj
MD5

540cbf50281addf4c30b7f8bcfabc769
SHA1

ea7e9a9a9fe46e5632f377058f3e765635b0421b
SHA256

e6857118aea19c18f962e1360848b8061eceeb5a601d5a331589ae8fa412f0e7
SHA512

01a3ffc14e67b686e099bb71ec86d36345fb23d4211beb39451845c4e2a72a5f3d16910ebe598072fff04bd6fdb44b0737293eea620758eae7ffac33e5aa38ad
SSDEEP

12288:Q9O+7l9HpQYST5ip36BjaB97GWyU3Lt1ei3nGp9+jkKr3VwtNi:b+Blpwi9SaBZoUbSHKr3r

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Shipping documents.bat.exe
- Size
  
  657KB
- MD5
  
  540cbf50281addf4c30b7f8bcfabc769
- SHA1
  
  ea7e9a9a9fe46e5632f377058f3e765635b0421b
- SHA256
  
  e6857118aea19c18f962e1360848b8061eceeb5a601d5a331589ae8fa412f0e7
- SHA512
  
  01a3ffc14e67b686e099bb71ec86d36345fb23d4211beb39451845c4e2a72a5f3d16910ebe598072fff04bd6fdb44b0737293eea620758eae7ffac33e5aa38ad
- SSDEEP
  
  12288:Q9O+7l9HpQYST5ip36BjaB97GWyU3Lt1ei3nGp9+jkKr3VwtNi:b+Blpwi9SaBZoUbSHKr3r
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2