General

  • Target

    IMG__12724.exe

  • Size

    704KB

  • Sample

    240712-tm77ma1cml

  • MD5

    a309f8839dd6e219d8cd485cc399e3a2

  • SHA1

    f77aca108b45144c7ae32d76dd1a032a6e6353fd

  • SHA256

    d270c8a2103434ec8902b1d192f8907c2a36389e7657fca3dec2cfd5bbeaa917

  • SHA512

    1d155f98962cf1401c821d3514ca19fde9caaf1afdf120c7fffd1743f76d2a6bb02c48d1fb4934e6943092f230318b411cb824b0097728d4afc008c65ab22931

  • SSDEEP

    12288:Dd2iNzBRy3VetjsTkniznIIIoiL227v1HJw8IPesy:Dd1PjNcIoo20HJw8qO

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks