0815006376965ab56ae99a21dd4076ac619276200353c0b347992e5f661146d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26A59CD01F58CE58D8448D080FDD07AA2C02AE2F.bin
Size

857KB
Sample

240710-ez314sycka
MD5

d01447c742072d91ada6484d26eaa949
SHA1

26a59cd01f58ce58d8448d080fdd07aa2c02ae2f
SHA256

0815006376965ab56ae99a21dd4076ac619276200353c0b347992e5f661146d9
SHA512

dafccf4dd878d499a9706c97dd61812333f3ecf45a37fe8722949809bad2f53558134170105b04f0317a46031a3e345ae0c779f7cf8e56d51dae70599b4dd9b6
SSDEEP

12288:LbVQXN2iNPqg7c/4DjjTd/ySoCXYCyvh1Fu4XWZ2PAljPs4wN0dvyi14GBLcA0EW:LWN11zw/4D/T1y4E44XWZplz1E0dDkEW

Score

8^/10

execution

Malware Config

Targets

- Target
  
  26A59CD01F58CE58D8448D080FDD07AA2C02AE2F.bin
- Size
  
  857KB
- MD5
  
  d01447c742072d91ada6484d26eaa949
- SHA1
  
  26a59cd01f58ce58d8448d080fdd07aa2c02ae2f
- SHA256
  
  0815006376965ab56ae99a21dd4076ac619276200353c0b347992e5f661146d9
- SHA512
  
  dafccf4dd878d499a9706c97dd61812333f3ecf45a37fe8722949809bad2f53558134170105b04f0317a46031a3e345ae0c779f7cf8e56d51dae70599b4dd9b6
- SSDEEP
  
  12288:LbVQXN2iNPqg7c/4DjjTd/ySoCXYCyvh1Fu4XWZ2PAljPs4wN0dvyi14GBLcA0EW:LWN11zw/4D/T1y4E44XWZplz1E0dDkEW
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2