General

  • Target

    payment.scr.exe

  • Size

    775KB

  • Sample

    240719-jqzdsazell

  • MD5

    52195b326cf4f448c54616638688e4da

  • SHA1

    ac20f1e7426e40d4eadb7f9749803f1af28b903f

  • SHA256

    ef192b1102458ebc5f960e9569c94194df651723e7eb514093f2bdad4c82a5f1

  • SHA512

    f2d42e1cba1c05dd3e915d077277fbcafefc20cad8f209cd35a8f521b560426957e2b2338b3758364ba62696b7fdad506c19faf64052ca88ded238a0af9f1069

  • SSDEEP

    24576:BB9uwTftd0rZK/ukKwkvOm9crJIB/WUWU4:5uufjEYNILcda/WUl

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks