fbf9cc2f5fe0522f2394337952cf8794b39794569641a9c96758e43942d09395 | Triage

Sharing

General

Target

fbf9cc2f5fe0522f2394337952cf8794b39794569641a9c96758e43942d09395N
Size

2.9MB
Sample

240919-hb1smavfpb
MD5

0abd203d9ec724e158734da542e64c70
SHA1

dcccc0e6a914b8ba691927688a8253e971e8f748
SHA256

fbf9cc2f5fe0522f2394337952cf8794b39794569641a9c96758e43942d09395
SHA512

b3fbed17bf68fffc650a5f61d1e4ebc4b3ae28f6c8e6f87d24d4a7c402ab7bf366b832464859f536edc5490f7216b7717e9fa1fc0cb8371c910f42a10c10f1a2
SSDEEP

49152:8oj1u70WR2bmhesmSozsd1Ou+GxCt9h4aNvmpqy/iWlgC:1MRLhehS/4uutXFNvm0yqWH

Score

8^/10

execution

Malware Config

Targets

- Target
  
  fbf9cc2f5fe0522f2394337952cf8794b39794569641a9c96758e43942d09395N
- Size
  
  2.9MB
- MD5
  
  0abd203d9ec724e158734da542e64c70
- SHA1
  
  dcccc0e6a914b8ba691927688a8253e971e8f748
- SHA256
  
  fbf9cc2f5fe0522f2394337952cf8794b39794569641a9c96758e43942d09395
- SHA512
  
  b3fbed17bf68fffc650a5f61d1e4ebc4b3ae28f6c8e6f87d24d4a7c402ab7bf366b832464859f536edc5490f7216b7717e9fa1fc0cb8371c910f42a10c10f1a2
- SSDEEP
  
  49152:8oj1u70WR2bmhesmSozsd1Ou+GxCt9h4aNvmpqy/iWlgC:1MRLhehS/4uutXFNvm0yqWH
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2