General
-
Target
118d8fd564546c1053e30dbebd4ab7c903831865bc97e767ff6378a45d4dcf92.exe
-
Size
734KB
-
Sample
240719-rcf92syarh
-
MD5
22839b4a8ea2f64e0257e2ee0042df3c
-
SHA1
e53d6f6f01f930ca2ee612f1b5a06b94fee9f1f2
-
SHA256
118d8fd564546c1053e30dbebd4ab7c903831865bc97e767ff6378a45d4dcf92
-
SHA512
495e35ae6b29d327989b305a523a0d5f546c9b8973e6b4502b1ceacb925475edc7b6b6a3eff2d8841b206400cc2d7c0a4ac1bdf4459f57c3c60cb17a12d029ab
-
SSDEEP
12288:iWiuaKWgPgrNHBMWrGARAoI0dGYoBInL18VqRvj4Jn8JOneJ0RHh2CVPdlIMXkR:iFngopBrHmoT2InB8YRv0esnwG2CjG
Static task
static1
Behavioral task
behavioral1
Sample
118d8fd564546c1053e30dbebd4ab7c903831865bc97e767ff6378a45d4dcf92.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
118d8fd564546c1053e30dbebd4ab7c903831865bc97e767ff6378a45d4dcf92.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score
8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-