f9e53a9a2543e22e668248b2526ab1fcf1d0a4ec8580e623021019ca00f97578 | Triage

Sharing

General

Target

13072024_0302_12072024_POM2223.gz
Size

668KB
Sample

240713-djwresvgng
MD5

d469bda56089256ed7a0dd762f360b58
SHA1

200d55ec976e62c86298509c5c69fce9907bb0ff
SHA256

f9e53a9a2543e22e668248b2526ab1fcf1d0a4ec8580e623021019ca00f97578
SHA512

6e4f95085cb8980eb818aeeb7032193a5e10ddd33289d3722baf1886c0ad8b7d261bf731c030dd77dff1f8b378b1dc4273c73597c364e803a51382fad5512172
SSDEEP

12288:WDUGxL1BvS5RNrxj2B4rccoemM08/9Pm5g7OnWMx48NMHW/iH9Wf0MqP3m:WK5RfjW4r4lp8VPmCipx48NM2/iHNMSm

Score

8^/10

execution

Malware Config

Targets

- Target
  
  POM2223/POM2223.exe
- Size
  
  719KB
- MD5
  
  cca00dca04a26d14770e0cde89c49bf2
- SHA1
  
  cb271403ac47e1159259894f509320b1b4d1e9ed
- SHA256
  
  c565b70146700bac34f82ce87ac6c2417211d04db7ba8433d9bcd8ca2e15a5ed
- SHA512
  
  90461c8440b985e3ca37eaa014e0ca66496f6160dc7e53bff30aa5d9e1d7f62bc02303e708f73d77e1825a7ec8f8c533f779a1050da14e8eeaa750812259af77
- SSDEEP
  
  12288:S72iNmz6sXqg9zdl9FB6yh+myDWfQoME2Csa5RSvr7vsxdEJ4SBoBioNb/IPesIf:S71ZsXqgXl9F3NJxsa58HvUq4HBRqbi
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2