General

  • Target

    8b1cd2b2487837483858606adc6a3b80N.exe

  • Size

    3.5MB

  • Sample

    240905-1c92sszcmq

  • MD5

    8b1cd2b2487837483858606adc6a3b80

  • SHA1

    55682248b0dd2e07897fa521c83833a5c8e276d8

  • SHA256

    2ca447137bccccda45ac2f8d372e2a79020b7eba06e04316aea56a089887afac

  • SHA512

    57dff392b2855df5bff54919a7f15531c36fc381f4c2df7b7bad8eb9dd29a37195e6951ccf39bf3565b31cbbd4d96a87fb6886de85c3f9a9ecd482e5c01673e5

  • SSDEEP

    98304:h/FBcFwihwtTx3h9OD4CpygBIF+EOT10XN:xFBpi+xjW4CppEOT2d

Score
8/10

Targets

    • Target

      8b1cd2b2487837483858606adc6a3b80N.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks