b8986771df334227d1de04468a12b4518a83b60943e3254f8709c5b6ff8b61a2 | Triage

Sharing

General

Target

b8986771df334227d1de04468a12b4518a83b60943e3254f8709c5b6ff8b61a2N.exe
Size

4.8MB
Sample

240925-yvxs3svfmm
MD5

a2198b8b0989f2b39155cd89a0bf7810
SHA1

2e9b90d7908c6016b086127e162ca6819104d1ad
SHA256

b8986771df334227d1de04468a12b4518a83b60943e3254f8709c5b6ff8b61a2
SHA512

b841ea8f9af5c83a3b3f47843f0e23b77eaca02630ef4f99be5e003222be946c2c23d8d8a212e2bed9ff4b8e4497b54b3c2ae7fcdb0e56450d56481e5fac80fe
SSDEEP

98304:1MRLheh139CWlG0ysnlyVBoPg8eGxxclZ37J8NXuRoYEbBLj:iIhRgWMqEj76clZ3N16Bf

Score

8^/10

execution

Malware Config

Targets

- Target
  
  b8986771df334227d1de04468a12b4518a83b60943e3254f8709c5b6ff8b61a2N.exe
- Size
  
  4.8MB
- MD5
  
  a2198b8b0989f2b39155cd89a0bf7810
- SHA1
  
  2e9b90d7908c6016b086127e162ca6819104d1ad
- SHA256
  
  b8986771df334227d1de04468a12b4518a83b60943e3254f8709c5b6ff8b61a2
- SHA512
  
  b841ea8f9af5c83a3b3f47843f0e23b77eaca02630ef4f99be5e003222be946c2c23d8d8a212e2bed9ff4b8e4497b54b3c2ae7fcdb0e56450d56481e5fac80fe
- SSDEEP
  
  98304:1MRLheh139CWlG0ysnlyVBoPg8eGxxclZ37J8NXuRoYEbBLj:iIhRgWMqEj76clZ3N16Bf
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2