General

  • Target

    0033282255789363dc319db1ba376b7577a3a7135e40ea6b0f1f97268a2f3e9a.exe

  • Size

    742KB

  • Sample

    240806-bdhlhathmm

  • MD5

    a1bd457d0643dcebc3b4928477bfd135

  • SHA1

    4211919cf743c4e9850ec1cf40b855bd466edfd5

  • SHA256

    0033282255789363dc319db1ba376b7577a3a7135e40ea6b0f1f97268a2f3e9a

  • SHA512

    d165114cb8117b5446c9b1fc57b9e70f1c5091dd8141ddef8ce385216284c2a8118346e6d32d6c4f9eb07f7f55f75158dec10c8e450ad78df1f5d8edbc719cec

  • SSDEEP

    12288:5ngxa/zmcDXmw/SVbPjGPjF/yjpYW8dcpnhezl1q6hh6SOQessP0jrxPkQg:5gxaakx/SVTMjFKjpHArTMS3rVkl

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks