General
-
Target
rPurchaseOrders-18271824.scr
-
Size
802KB
-
Sample
240808-24eweasbjq
-
MD5
39f6aa8a76ba2065dc0d8ee0f656c118
-
SHA1
4913afb62640aa3784960be1a4cedf1d5a0e533e
-
SHA256
6acf8aa7d107cc299d9d04b1f4f8ffe9b717a091ac1d5342adf7ba9bbd96288c
-
SHA512
fc56fc61adc3b860f288e617ce50cabe6aad3c0e0ee020fb601d3c75d47f850ac30e7fb81d2b9a3f325c51c872a11110b67a75b0bce6b0eba515b932cee68766
-
SSDEEP
12288:ebvN2iNLJF0/IW7b3ezYhZtYjRav9vtxNGSXauG/m4bc4ZyhwmQeZ4EUWZJkR:eh13EIWH3NTQavD3GSXtG/mstuSv
Static task
static1
Behavioral task
behavioral1
Sample
rPurchaseOrders-18271824.scr
Resource
win7-20240705-en
Malware Config
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-