f15cbe7b2db3d2653e9d1cbbfe269869eb38551529d1a9b481d429b6fc2a1735 | Triage

Sharing

General

Target

5919da35e7eb282a2e349c1846674797.bin
Size

672KB
Sample

240913-bltczawfqc
MD5

62b42fa270ef875e01c059405f2de4e6
SHA1

c7ddd8539ca7224a6ac8a9fca9953e90d4ae5806
SHA256

f15cbe7b2db3d2653e9d1cbbfe269869eb38551529d1a9b481d429b6fc2a1735
SHA512

f5598e1478f426d4d8be9afbcbf499cbf2b58b78b1240b59dba8debe53b23abf8d7e142f7b75ff352e487ec94ee9b6cbc6126591b8ad1f790a89fe8f01258558
SSDEEP

12288:er+mACLUNEwJ70iYedXOZ6DZjdlIoOL5wT8yq0SZuCqRcz7rVb+d4dhBvP+czb8O:er+mAvvJ70iz+yxdlInL54hq0uYcX5KO

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  PO Number - 9201000 - SOA - AUGUST END.exe
- Size
  
  716KB
- MD5
  
  8b2508fe6cfe3c2800515c3237a2be66
- SHA1
  
  f6be344c56122715fe7c32161066afb3c56293cf
- SHA256
  
  23d779bb0d3593cc8a56df736aeaad61ca79a1a9d692d6f78573837a520176e2
- SHA512
  
  f7f4fe8f26fc148b8425807c6ac348b00f52da1b1c8866216f1fc5fbf17c75e153e44cd616c8dfe5ee5deb536d8b1e1f201f36e201962ee786d58e4f6c4c3ec7
- SSDEEP
  
  12288:dK7kvDoQ/3U6pdyAwkxN8A4dr0WLKemdOTCX1oCrZWIi5s81cZnFaRExezBpr/:dKoT3FpYAtn81rHK3CCEIi+NZoEQr/
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution