General
-
Target
PO#86632_1.rar
-
Size
671KB
-
Sample
241002-p1sa4swhjq
-
MD5
c2b05c9b79bf61c6e6b612763248289e
-
SHA1
0b006b38fe6aa4d01fd6c1cf3199015549be0c0d
-
SHA256
66aa209b6cc7c44d37ed90d4c6df2e122830b730e9266c59c816591a1d33ef34
-
SHA512
182c7207d569769b1a1b9b459db4b073b77630432f8f27aa68dcaef9629fb9f4abd916f9d2772146a56017cd66c0b9946374dbf02c175ea050f1501f4f126fc4
-
SSDEEP
12288:SvwOp/vuXljE8ObzOOb2NINUmt9dixA8bk08KF4a4nU/JKuxK5/k:awOp/Gq8OvOO1NnHdP8bl8usU4i8k
Static task
static1
Behavioral task
behavioral1
Sample
PO#86632.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
PO#86632.exe
-
Size
777KB
-
MD5
9311139abfee49ed8f2131abdb7a2142
-
SHA1
a0af849bcb178de760d5748097b17025f6e49d97
-
SHA256
9751dc8bfd29e69b5e04e81d1971b145ea18ef7e57211a301339d5bb43d40ff9
-
SHA512
af6a80ed57cb4343eda8bd3ea1f45031788af1e03f4781fea61ca7972492474ca8eae4290ed2c9e51a74cce20597735b5697e87a8c9db9cdfc85a53328bb2131
-
SSDEEP
12288:Uu+w0Vld0rZq9OVqfVdgf2aYOKNDvbVOSWAgiTqB9dmL/USwp:UFVE8cqfrg2TbVOSnsBHGVA
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-