50048e6f2c92f251bfc87da636dbc73080669bf84b8c5737db5af7b4bd4c27ac | Triage

Sharing

General

Target

50048e6f2c92f251bfc87da636dbc73080669bf84b8c5737db5af7b4bd4c27acN
Size

1.6MB
Sample

240919-hqa6hswepr
MD5

4b98ac287e67eae4030bbc0c01a7a300
SHA1

f3faa45b998f0950b4718339e50ec09c6663079b
SHA256

50048e6f2c92f251bfc87da636dbc73080669bf84b8c5737db5af7b4bd4c27ac
SHA512

dbbbe9d57065f0acc4545758786cec67c10dc86e1f79c5ee26a2fe5b29fe427285ca0a158cc81523b261ca5ff2993bd22d01c524d2078183b169aa609a4b85fb
SSDEEP

49152:DAodtaG9kS2U84B+FLan9k5TRM9zleVjPSf:h/B1aS

Score

8^/10

execution

Malware Config

Targets

- Target
  
  50048e6f2c92f251bfc87da636dbc73080669bf84b8c5737db5af7b4bd4c27acN
- Size
  
  1.6MB
- MD5
  
  4b98ac287e67eae4030bbc0c01a7a300
- SHA1
  
  f3faa45b998f0950b4718339e50ec09c6663079b
- SHA256
  
  50048e6f2c92f251bfc87da636dbc73080669bf84b8c5737db5af7b4bd4c27ac
- SHA512
  
  dbbbe9d57065f0acc4545758786cec67c10dc86e1f79c5ee26a2fe5b29fe427285ca0a158cc81523b261ca5ff2993bd22d01c524d2078183b169aa609a4b85fb
- SSDEEP
  
  49152:DAodtaG9kS2U84B+FLan9k5TRM9zleVjPSf:h/B1aS
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2