General
-
Target
54185884c1c87c72294f4d78aafcf2eab6d8e45c35e33d3f8fa72227d04a592cN
-
Size
663KB
-
Sample
240919-e3lw1a1ekp
-
MD5
3d8bb9da160881a08ec7037ad8e9e840
-
SHA1
e1a93bd4904989823b1963ee8580db4d6199ddd5
-
SHA256
54185884c1c87c72294f4d78aafcf2eab6d8e45c35e33d3f8fa72227d04a592c
-
SHA512
34e381cc3d0cdaadac3ad715959de9f36dfff13c4d2f16c2bc4939e2c9fe458f44959d0d979ab5f1b999ff31a785d0aa5c4682661cd489d90e9d9b10e8d98940
-
SSDEEP
12288:MBnuxPm7WUt+NpkcMob1Mr3+6lAVUIdd0HQcPj7EwdTNXvj:IuYWA+zPb1Mb+6lid0HQc7Xd1r
Static task
static1
Behavioral task
behavioral1
Sample
54185884c1c87c72294f4d78aafcf2eab6d8e45c35e33d3f8fa72227d04a592cN.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
54185884c1c87c72294f4d78aafcf2eab6d8e45c35e33d3f8fa72227d04a592cN
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-