General
-
Target
db0f9627eb6f6d633f7211ce94d2ab53277140634443909f78b96a7b18c48b9e.exe
-
Size
814KB
-
Sample
240819-lzpbaaxfjb
-
MD5
46483e709be799db1b59b0bb2a751115
-
SHA1
49d7136f0245bf1b6f63019365165119135f80cf
-
SHA256
db0f9627eb6f6d633f7211ce94d2ab53277140634443909f78b96a7b18c48b9e
-
SHA512
3bb30a181f454317288603c78739dac6d157d982e2eb4535af9e53ae60b5dd816375711ca2ef16eb3cb63a75be9a53052bfbb1f7004123583fb98527402b8c46
-
SSDEEP
12288:BdwL+S65kts5uvpuYzjig9iV/3ImcXuKb2iOPbQoPa88NYpqpXnbk5+3CrjEQSMd:BuL+Itj9HbsV/YmSbf88NLpLUtd
Static task
static1
Behavioral task
behavioral1
Sample
db0f9627eb6f6d633f7211ce94d2ab53277140634443909f78b96a7b18c48b9e.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
db0f9627eb6f6d633f7211ce94d2ab53277140634443909f78b96a7b18c48b9e.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-