General

  • Target

    c8c922c0113a592b577eb0174606c71a626b726153bfb9582e5c0473f9678bfd.rar

  • Size

    671KB

  • Sample

    241002-bz35bs1arr

  • MD5

    b7eecbf0cc4f843a83d219b378d15385

  • SHA1

    6a477a1094090cca75c639f8c084360de51af76a

  • SHA256

    c8c922c0113a592b577eb0174606c71a626b726153bfb9582e5c0473f9678bfd

  • SHA512

    a75c53a5c5751902effa2c7a415d26d137de8621db947ff19c06d2161f2ce3e4b49d7dd00b042ad6aebfd1e98fae1fef3db5aa2f6cedf03e26cb4495a64b9852

  • SSDEEP

    12288:eLBeOa62cfa294w9BfVGeZDpkx/twYwNrWQpfwPY0a89DcU4geejeN5f9h2nsfxP:ezNRCsP9zNVkx/twYwJpfwg0a4cUZjez

Score
8/10

Malware Config

Targets

    • Target

      September payments.exe

    • Size

      777KB

    • MD5

      829ca0be6c5a9982fe1fd88f3db358d4

    • SHA1

      20fed866af8500ad5ee7d9e6f855ed1ab6a7f736

    • SHA256

      362207c53645346df6f36cf3f7792e5fc4655895b35a6e3477e218e0e0007be9

    • SHA512

      c6dd6e9ac321505fd3547b957a7a7763ae54e754234bb78145dc201571f77f26fb54c49e44a17a9944fb1054e30fb754fef2fcfc676ce5d4ca0f2bfd67c279fe

    • SSDEEP

      24576:IMR0YU8TjxvmnrZomcsCjidhfhn9px857:e+vwrZor3uE7

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks