General

  • Target

    4faa7e816da417ee21ebca031f59db30N

  • Size

    635KB

  • Sample

    240908-ky3lvayhrb

  • MD5

    4faa7e816da417ee21ebca031f59db30

  • SHA1

    eead27b9eef069ff2cb75b792cb1509bbd481abe

  • SHA256

    719a08df48b666367dca6ef4d23d1d040bb2a007d398ce7003a4a30e4c983806

  • SHA512

    7eea1cba5f8bb3b445c08dc48a1c5c3062e8064a96a2583cce80eaaf02fe3a281cce63d07b22f3e0f606f38f9447b3963c9465c5cb42d37214429ec234683722

  • SSDEEP

    12288:JE0/Fu9b4Ng7FvR3ZJKW3GmMalLxnhFdj583aqAvSQbiDkw:j/Fu9b4Ng7FvdKSGmZV9xvSj

Score
8/10

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
