General

  • Target

    799014b55d0e11772683483ffbea3430.bin

  • Size

    770KB

  • Sample

    240820-btzvqa1alr

  • MD5

    bbf475e8113b37fa3aea8139f5fbd8a5

  • SHA1

    b7cd8d8627a866e074c622ded21c67e9087a441e

  • SHA256

    8c37901dbcd68f639d6f53e712f405201752a0b6e681a6bb63400fd4d4c0f3d5

  • SHA512

    ac08ef2640adecfb880399c623e8e2ea4fa901aea388daccf7e21b4b55f51b21cf86e3489a8cf1cc251ac48cbc22e76b5fc75922e5c24ae241055aeaf807b3c4

  • SSDEEP

    24576:zqXJVd5keiHPmPznb6fG9hK2giItt2+o2yKb:zqh5keiHPYznkVl5tU+Uk

Score
8/10

Malware Config

Targets

    • Target

      d5817e8cfa2e2f8abb5feea016308efb1cd84e4f15ddd6b9e48692f626b8f927.exe

    • Size

      870KB

    • MD5

      799014b55d0e11772683483ffbea3430

    • SHA1

      c75437a1d401c139bdbb82ccbcb8a9f3de1333f2

    • SHA256

      d5817e8cfa2e2f8abb5feea016308efb1cd84e4f15ddd6b9e48692f626b8f927

    • SHA512

      086dfd220a6b78b9db515f7319d9a135ebde1c462b75654bccef319643b484677eb65e33c991a394bb05cdb1cb651720b04f86dfc3f479cc032c1004c999eca7

    • SSDEEP

      24576:2hNDsYdbbmBZM4D2sDdUKc1THDTZgTBrf5J78:MtlmbM4D2spUK0THxgTBT5J78

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext
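
    The three signatures above, encoded as detections over sandbox-style behaviour records. This is an added example and is not code from the report or from the sample; the records it runs over are constructed for illustration. Two things on it are assumptions rather than facts from the page: that the "computer location settings" lookup reads the Geo\Nation value under HKCU\Control Panel\International, and that SetThreadContext should only be graded as process hollowing when it sits inside the suspended-create / WriteProcessMemory / SetThreadContext / ResumeThread chain, since a lone SetThreadContext is also what debuggers call. The registry-side equivalent of the PowerShell exclusion change (direct writes under Windows Defender\Exclusions) is included because the same outcome is often reached without PowerShell.

```python
"""Added triage helper (example code, not from the report or the sample).

Encodes the report's three behaviours as detections over sandbox-style
behaviour records.  All records below are constructed for illustration.
Assumptions not stated on the page: the geofence check reads the Geo\\Nation
value under HKCU\\Control Panel\\International, and SetThreadContext is graded
higher only when it sits inside the classic hollowing chain
(CREATE_SUSPENDED -> WriteProcessMemory -> SetThreadContext -> ResumeThread).
"""
import re
from collections import defaultdict

# Constructed records: (process, event_type, detail).  Not taken from the report.
SAMPLE_EVENTS = [
    ("sample.exe", "process_create",
     'powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference '
     '-ExclusionPath C:\\Users\\Public -ExclusionExtension .exe -ExclusionProcess sample.exe"'),
    # Same outcome reached by writing the exclusion keys directly (no PowerShell)
    ("sample.exe", "registry_write",
     r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public"),
    ("sample.exe", "registry_read", r"HKCU\Control Panel\International\Geo\Nation"),
    ("sample.exe", "api", "CreateProcessW(flags=CREATE_SUSPENDED)"),
    ("sample.exe", "api", "WriteProcessMemory"),
    ("sample.exe", "api", "SetThreadContext"),
    ("sample.exe", "api", "ResumeThread"),
    ("devenv.exe", "api", "SetThreadContext"),  # a debugger; legitimate use
    ("explorer.exe", "process_create", 'powershell.exe -Command "Get-MpPreference"'),
]

# Add-/Set-MpPreference with any of the three exclusion parameters named in the report
EXCLUSION_CMDLET_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b[^\n]*?-Exclusion(?:Path|Extension|Process)\b", re.I)
EXCLUSION_PARAM_RE = re.compile(r'-Exclusion(Path|Extension|Process)\s+([^\s"]+)', re.I)
# Registry side of the same change (assumed location of Defender's exclusion lists)
EXCLUSION_REG_RE = re.compile(
    r"\\Windows Defender\\Exclusions\\(?:Paths|Extensions|Processes)\\", re.I)
# Assumed registry value behind "checks computer location settings"
GEO_REG_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
HOLLOWING_CHAIN = ("CREATE_SUSPENDED", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_exclusions(cmdline):
    """Extract what a PowerShell command line excludes from Defender scanning.

    Returns {"Path": [...], "Extension": [...], "Process": [...]} for the
    parameters present; comma-separated values are split.
    """
    found = defaultdict(list)
    for kind, value in EXCLUSION_PARAM_RE.findall(cmdline):
        found[kind.capitalize()].extend(v for v in value.split(",") if v)
    return dict(found)


def contains_in_order(calls, chain):
    """True if every element of `chain` appears in `calls` in that order (substring match)."""
    idx = 0
    for call in calls:
        if idx < len(chain) and chain[idx] in call:
            idx += 1
    return idx == len(chain)


def triage(events):
    """Map signature name -> list of evidence strings for one sandbox run."""
    hits = defaultdict(list)
    api_calls = defaultdict(list)  # per-process API history for the stateful check
    for proc, kind, detail in events:
        if kind == "process_create" and EXCLUSION_CMDLET_RE.search(detail):
            hits["defender_exclusion_powershell"].append(f"{proc}: {parse_exclusions(detail)}")
        elif kind == "registry_write" and EXCLUSION_REG_RE.search(detail):
            hits["defender_exclusion_registry"].append(f"{proc}: {detail}")
        elif kind == "registry_read" and GEO_REG_RE.search(detail):
            hits["geo_lookup"].append(f"{proc}: {detail}")
        elif kind == "api":
            api_calls[proc].append(detail)
    # SetThreadContext on its own is weak evidence (debuggers use it); the full
    # suspended-create / write / set-context / resume chain is what indicates hollowing.
    for proc, calls in api_calls.items():
        if not any("SetThreadContext" in c for c in calls):
            continue
        key = ("setthreadcontext_hollowing_chain" if contains_in_order(calls, HOLLOWING_CHAIN)
               else "setthreadcontext_isolated")
        hits[key].append(proc)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for line in evidence:
            print("   ", line)
```

    When run against a real report's process and API records, the `parse_exclusions` output is the part worth keeping: the excluded paths, extensions and process names tell you where the follow-on payload is expected to live, and they are what to remove from Defender during cleanup.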

MITRE ATT&CK Enterprise v15

Tasks