General
Target
f63685c4a1531a0f09b597f5d7fea9365147f74df3efc9e172ccd2d516a20415.exe
Size
438KB
Sample
241002-b43dlavcme
MD5
abaa9bf72a16af0a5c7bf7b41738fcb7
SHA1
6f784817e6d5ccd4e87a9f4f38681700efb78015
SHA256
f63685c4a1531a0f09b597f5d7fea9365147f74df3efc9e172ccd2d516a20415
SHA512
cd8168d8ac12fb9158a89576a19fbc2295f36c08f91265f3accd6737623c610abce7fee0886baf16afb7a5398ec92e899928b542a82e607a314792756befddb4
SSDEEP
6144:z5mQnR/n77VzTb2tOfmpR5f2aZLb9yx0C6CeXn1hjYpJDC/84qLnBqavFc:z4QRf77VzTKE4+EtCel1TkJ
Static task
static1
Behavioral task
behavioral1
Sample
f63685c4a1531a0f09b597f5d7fea9365147f74df3efc9e172ccd2d516a20415.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f63685c4a1531a0f09b597f5d7fea9365147f74df3efc9e172ccd2d516a20415.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
f63685c4a1531a0f09b597f5d7fea9365147f74df3efc9e172ccd2d516a20415.exe
Score
8/10

Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)