Overview

overview

10

Static

static

3

ORDEN DE C...58.exe

windows7-x64

1

ORDEN DE C...58.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02082024_0133_01082024_ORDEN DE COMPRA DE CARRIER OC-2958.zip

  • Size

    632KB

  • Sample

    240802-by3geaxfrp

  • MD5

    fa2d98d31aa7c55f2c242556a764d057

  • SHA1

    c65456ae1a5538bf5b87300b3fa22faa874efeca

  • SHA256

    3008250d44d1de0a39be4aedec810ca409f719f62778c48d080c263a5ab64a3f

  • SHA512

    f11fe9f1fcc006d785d37642749041a6cf8592b393f9d385ffd9b144552c96a7907f7eb9d2e2bfcb27ca7f776015cb7db01a74bcb808fbe494ec18c6eb5f9e27

  • SSDEEP

    12288:8/1hEUQCxgzO+DyKLO0B0TkE4MyYKoJ4k5Mn72H5tm:8/g8xEOD0B0gE4MyYnJG7mtm

Score
10/10
evasionexecutiontrojan

Malware Config

Targets

    • Target

      ORDEN DE COMPRA DE CARRIER OC-2958/ORDEN DE COMPRA DE CARRIER OC-2958.exe

    • Size

      1.3MB

    • MD5

      71e1481cceb86e6e234461d99663e35d

    • SHA1

      c6d5c736de3688930c070fa136c513fbaae7558b

    • SHA256

      c85dadf61a20405292394dae1398c5a53be36b3ed591b0e172258644b51082f1

    • SHA512

      5b124e6cd3b1145d73d4468df4488ef64c65cc1c3abc314bcb5da6d295521b070c3a57572cd06838cbac7dca81b7d4c605c77fd9015b13ef61cca32de262fb60

    • SSDEEP

      12288:lMiUQS32z++DUKpO030Tk44My0KoJik5Mnx2d/tMgt:Ro3i+P030g44My0nJIxgtMW

    Score
    10/10
    evasionexecutiontrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks