General
-
Target
042002100213_05712255.exe
-
Size
886KB
-
Sample
240628-k4cyda1fjh
-
MD5
e0ea1b80a4dd04e3f8bb54132818a180
-
SHA1
2e2dd147c69a14320e766a5b59da0064937b61b3
-
SHA256
18a9626248f02f55e129b5172bc9473741511fe4d2c088fb7c46ce12d3c8175f
-
SHA512
e600dd651126fa439100a1923f8854b63797da6752519019c34b4548db2e0d95e1b69599651a1139ba2c54dd7d2395737d4395827561f7787e176040a09c8523
-
SSDEEP
12288:hGKwtN+9qy2JkbwsGgPh3jADceuzsy0la+Qu6w3vaX/t/Mx5BuVCOZ8UZeEdp7XO:AS4yOshp38oGQ0vmt/MxUXZlw
Malware Config
Targets
-
-
Target
042002100213_05712255.exe
-
Size
886KB
-
MD5
e0ea1b80a4dd04e3f8bb54132818a180
-
SHA1
2e2dd147c69a14320e766a5b59da0064937b61b3
-
SHA256
18a9626248f02f55e129b5172bc9473741511fe4d2c088fb7c46ce12d3c8175f
-
SHA512
e600dd651126fa439100a1923f8854b63797da6752519019c34b4548db2e0d95e1b69599651a1139ba2c54dd7d2395737d4395827561f7787e176040a09c8523
-
SSDEEP
12288:hGKwtN+9qy2JkbwsGgPh3jADceuzsy0la+Qu6w3vaX/t/Mx5BuVCOZ8UZeEdp7XO:AS4yOshp38oGQ0vmt/MxUXZlw
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-