Overview

overview

10

Static

static

3

9a53a95b0c...00.exe

windows7-x64

10

9a53a95b0c...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a53a95b0c1288c8e723030c47029455cb2c15ab69732f2a9fc2aad6b418a200.exe

  • Size

    11KB

  • Sample

    240727-b5kvyayfmq

  • MD5

    132609f10f23a5a1fc5653ae7e91bdb2

  • SHA1

    7a2d21d41d3efd907a98bb6c5ed8c8e1184cf7c8

  • SHA256

    9a53a95b0c1288c8e723030c47029455cb2c15ab69732f2a9fc2aad6b418a200

  • SHA512

    be655158c3482d330204ad8d9552a4ea99ca39e689a4d746aee1fd61af9aa2ec81275378880250ab9862499ed3f95b06696b2127e21d3ddc405c557545603ff3

  • SSDEEP

    192:B2Zxy66nOB3ZC3S+42V+GyEG9malsDfxuCnJx3ptpJ+fl:B2Zxy66nOB3g3c2EQG9blsD885Q

Score
10/10
discoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      9a53a95b0c1288c8e723030c47029455cb2c15ab69732f2a9fc2aad6b418a200.exe

    • Size

      11KB

    • MD5

      132609f10f23a5a1fc5653ae7e91bdb2

    • SHA1

      7a2d21d41d3efd907a98bb6c5ed8c8e1184cf7c8

    • SHA256

      9a53a95b0c1288c8e723030c47029455cb2c15ab69732f2a9fc2aad6b418a200

    • SHA512

      be655158c3482d330204ad8d9552a4ea99ca39e689a4d746aee1fd61af9aa2ec81275378880250ab9862499ed3f95b06696b2127e21d3ddc405c557545603ff3

    • SSDEEP

      192:B2Zxy66nOB3ZC3S+42V+GyEG9malsDfxuCnJx3ptpJ+fl:B2Zxy66nOB3g3c2EQG9blsD885Q

    Score
    10/10
    discoveryevasionexecutiontrojan

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Stops running service(s)

      evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks