General
-
Target
5aa3b51bb5f2feccb62b387ab35cc558b9a2c5e06c6852effe8f2bb10275305e
-
Size
2.5MB
-
Sample
240726-14fl9sxhpl
-
MD5
7e04405fba6538fb04effb9b551f174f
-
SHA1
181e3158b1569b0cb94c4818706eb5c9a4f60ae0
-
SHA256
5aa3b51bb5f2feccb62b387ab35cc558b9a2c5e06c6852effe8f2bb10275305e
-
SHA512
1831da5f5ee48b6e1931bb27343f1ee7b1f7a32f13f6dab6058c7cf008edc3b0e85e7040a8cbaeefa9452c2cab61be8ccb45bfa7adbe59d733b7f1714b22db4f
-
SSDEEP
49152:hi9r4+6RpSnzbAT6HB0SBBfY7tEa+tjZEwYcU8wkPOx7pXhpV9u1O:ISWPAGhtBg7e3tjuwdXVPs7pXhpV9u1O
Malware Config
Targets
-
-
Target
5aa3b51bb5f2feccb62b387ab35cc558b9a2c5e06c6852effe8f2bb10275305e
-
Size
2.5MB
-
MD5
7e04405fba6538fb04effb9b551f174f
-
SHA1
181e3158b1569b0cb94c4818706eb5c9a4f60ae0
-
SHA256
5aa3b51bb5f2feccb62b387ab35cc558b9a2c5e06c6852effe8f2bb10275305e
-
SHA512
1831da5f5ee48b6e1931bb27343f1ee7b1f7a32f13f6dab6058c7cf008edc3b0e85e7040a8cbaeefa9452c2cab61be8ccb45bfa7adbe59d733b7f1714b22db4f
-
SSDEEP
49152:hi9r4+6RpSnzbAT6HB0SBBfY7tEa+tjZEwYcU8wkPOx7pXhpV9u1O:ISWPAGhtBg7e3tjuwdXVPs7pXhpV9u1O
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-