General
-
Target
MalwareBazaar.0
-
Size
2.6MB
-
Sample
240806-wlngyazaph
-
MD5
89043de1690eeaba17df956f701269b7
-
SHA1
ec42ec5d9fbc0bd22a1ab1c2b1e8f1dc2cf9bc42
-
SHA256
87d56ef3f76d966ff4dbf9d4bbc4d8a66c50eb6bc4181c282daa262a4044b367
-
SHA512
82af1b88e17e332e517871b0b8ce8501e4a5c1669dfe936dbc3212c73833e519a0871b250144194e0840d0578338abfd169504d4a123d745db0168a054aec349
-
SSDEEP
12288:Ch7KOjdy7OPHVoVt3Q2MZHfgg+D5UNNniyN0k1yCNXCcXaU5VN9RbH:yKOjibMAU/ik0k1ySauDH
Static task
static1
Behavioral task
behavioral1
Sample
MalwareBazaar.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
MalwareBazaar.0
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-