fadafafbdecdb64b00e6bddcb0e33bf68c2a512512fcacefc1d848e35ff3a001 | Triage

Sharing

General

Target

52a204c0c7b6f1784664cb1189fd87e0N.exe
Size

718KB
Sample

240713-f8yy7axfnr
MD5

52a204c0c7b6f1784664cb1189fd87e0
SHA1

85fe0f36f6561782b0342d7e05968f49d6591b03
SHA256

fadafafbdecdb64b00e6bddcb0e33bf68c2a512512fcacefc1d848e35ff3a001
SHA512

7c8ea04623141c589d670baf1880585ffa4a17bc0554962cbd3970c92c69a8feb46d44e7c69c56f477311038b13d705afe2714200bd2ce7491ec83d1269eb271
SSDEEP

12288:2TYVK+orvrHxct0c84koZ5vyw+JjasbWrWKYKIQ0EKPKRAc6acTz:E1+wxccKZ5Kb1aoWrWbKIQ09+Ac

Score

8^/10

execution

Malware Config

Targets

- Target
  
  52a204c0c7b6f1784664cb1189fd87e0N.exe
- Size
  
  718KB
- MD5
  
  52a204c0c7b6f1784664cb1189fd87e0
- SHA1
  
  85fe0f36f6561782b0342d7e05968f49d6591b03
- SHA256
  
  fadafafbdecdb64b00e6bddcb0e33bf68c2a512512fcacefc1d848e35ff3a001
- SHA512
  
  7c8ea04623141c589d670baf1880585ffa4a17bc0554962cbd3970c92c69a8feb46d44e7c69c56f477311038b13d705afe2714200bd2ce7491ec83d1269eb271
- SSDEEP
  
  12288:2TYVK+orvrHxct0c84koZ5vyw+JjasbWrWKYKIQ0EKPKRAc6acTz:E1+wxccKZ5Kb1aoWrWbKIQ09+Ac
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2