General
-
Target
6c97f943314d95f62fa8e2401e06f0302b971d4ef4b58afc082f69674a668bed
-
Size
677KB
-
Sample
241009-1vblysveql
-
MD5
d86b38397e13c2b23ebbc9c62fd96100
-
SHA1
65193a3ea352c8f9bc76c4d75b0bf17e346c1170
-
SHA256
6c97f943314d95f62fa8e2401e06f0302b971d4ef4b58afc082f69674a668bed
-
SHA512
b2f9675af6e79d18bee3268ac043f4d3c9302c745ba6427e3ceacbc5c06fc205ccea4c913d6b3a6a7a29e9042bb539873512676daa3d7473e4aa949851ec17cc
-
SSDEEP
12288:lsPQh6SEANr9CgjCHOf2bRuG2uy9K/J+7cPPPbzBzi/hdtTJq:l7YurkO0R49uJ+IPr1z
Static task
static1
Behavioral task
behavioral1
Sample
6c97f943314d95f62fa8e2401e06f0302b971d4ef4b58afc082f69674a668bed.exe
Resource
win7-20240729-en
Malware Config
Targets
-
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-