General
-
Target
COTIZACION 19 08 24.exe
-
Size
800KB
-
Sample
240820-gqbxdazhjl
-
MD5
cd6c90566fe8eb9fedd8aa076b6ff09c
-
SHA1
1d4da3fee474a088c6c486d4da8c171a60560eb7
-
SHA256
d00af7d1aa35864537045299a782f3b010d5fe3a7e40bbe04846a2baa07a93a3
-
SHA512
19d9380a657ae80d41837e7c563f5e350ff27ba5752af62d8c0daddc333e33183967e32e9628b657c25e4d24f21682c9bb21e78de53d0eca360e8249d52c5dc9
-
SSDEEP
24576:VixC/qaSuEScIMu97Z1umY9lBQwqzAj9sJKu:VciUuEmMiZEmuluXzAj9O
Malware Config
Targets
-
-
Target
COTIZACION 19 08 24.exe
-
Size
800KB
-
MD5
cd6c90566fe8eb9fedd8aa076b6ff09c
-
SHA1
1d4da3fee474a088c6c486d4da8c171a60560eb7
-
SHA256
d00af7d1aa35864537045299a782f3b010d5fe3a7e40bbe04846a2baa07a93a3
-
SHA512
19d9380a657ae80d41837e7c563f5e350ff27ba5752af62d8c0daddc333e33183967e32e9628b657c25e4d24f21682c9bb21e78de53d0eca360e8249d52c5dc9
-
SSDEEP
24576:VixC/qaSuEScIMu97Z1umY9lBQwqzAj9sJKu:VciUuEmMiZEmuluXzAj9O
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-