General

  • Target

    rpago0540.exe

  • Size

    797KB

  • Sample

    240925-k8ggcszglh

  • MD5

    ca34d85de17855d5071874ee082ac23f

  • SHA1

    ab7816cbe9c6ca2ca36038263b05df149768b41c

  • SHA256

    589913760a4915f199fbdaf977805bf863f8498be13682cc7e1609f926bf740c

  • SHA512

    a78ad04091141647659e4b01f022234bd38f8a98926976569d65373032a1a6510beed44e81d8857d0eb731fd98c8df0df6b8ed4b844fad363243fb16527169a5

  • SSDEEP

    12288:T5tg08DHa86/2GGY3d9KeJkppX/IxtRokRlHrR/aV/evW+9XQ5sr:gD6b/2GVd9cpAxokR1N/aV/eLBKe

Score
8/10

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15