b6cdfb0f3bfc1b2ebfd2dc54f654b8634d6138c25de415e4149386164aa240c8 | Triage

Sharing

General

Target

8ae1dd497c110caff8452910057e8531.bin
Size

631KB
Sample

240701-czrlzatcpb
MD5

cd2aa17740dbe40c4385c66a9f494636
SHA1

7983d071271a08f90c50b65799f730fc14081bf7
SHA256

b6cdfb0f3bfc1b2ebfd2dc54f654b8634d6138c25de415e4149386164aa240c8
SHA512

42a24a81f6c0709bb536300b112d4e26d65a6fa41c20647f56bc866d3b32fec87d3d501b2a2e413d10b820aab042950fe17db26bd41899075d1279d473ea4361
SSDEEP

12288:l8QSHd+4h3jTCyAK9X3j1ompz+TvOW0lgSqLyH6HJ3WIwxHW:CHdZTCy5X3j1NpST2FlIl9rYW

Score

8^/10

execution

Malware Config

Targets

- Target
  
  dc74ae7a70778659ee1f27f8e772ab2513299da34c7b2eabb866152e5588720b.exe
- Size
  
  684KB
- MD5
  
  8ae1dd497c110caff8452910057e8531
- SHA1
  
  a0ac63280a17a5f2f0ed70ba9fcdce5d6307a319
- SHA256
  
  dc74ae7a70778659ee1f27f8e772ab2513299da34c7b2eabb866152e5588720b
- SHA512
  
  409d14e904609f8f8c1148dc110f2052999583ed031746b16060f918481e2d95e77510d891a5185f7c846c25511a145301309b17da6685dc37115f45d4ac5b44
- SSDEEP
  
  12288:j99glhqbCawo53B7mLnCloDS/jlygjsJ2spL7yubqldoSirLvQPZ6gNMLY7K:j3wiBEPDQjlNmL7rqldovvoMLY
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2