General
-
Target
Szsmegs_LetThereBeCarnage_signed.exe
-
Size
176KB
-
Sample
241023-1ynexs1gmf
-
MD5
54b7712e77bfd017f765162d14fc58d6
-
SHA1
00bd83549c77e4ac889d12b807fdb913ec605d3b
-
SHA256
f4f0b8b2821e83ede86112c5b372c631ac57713a65b00388b3ccbec19b135a99
-
SHA512
90ae2f06cf04bef6db48801b0f09da756a39a6c6f633e19c1a7255bf739c0671d0f0869e4212806c2f0a6aa3b33e49bde35a4ff19fa009d84c82b9cdb108a1f9
-
SSDEEP
3072:Mc3nDSJodfX43Rw/wPAQ9bwdTEP+EcZaUmSBPU9D9Szx:jD0RUCAQ9bqT6+EhUlsEV
Behavioral task
behavioral1
Sample
Szsmegs_LetThereBeCarnage_signed.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Szsmegs_LetThereBeCarnage_signed.exe
-
Score
10/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-