General

  • Target

    f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38.exe

  • Size

    1.0MB

  • Sample

    241103-esckksxnem

  • MD5

    53becf41ba02fdbc491515ba9cf6cc96

  • SHA1

    88533f5d751e62ef83170c3081bbc4f2b9783996

  • SHA256

    f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38

  • SHA512

    e3012db31c0d03e33f3f4620f15944d5ad066d07da9b199787c01e560e880f06d472ca9adce99a2b8d4d94f26e788327ea143a8517ba0d14b6454eb41905734e

  • SSDEEP

    24576:DTfVqijKZSZ7ghuJKqiZtd4ILsW4o5PrL:DTfV9jKCghaJCt+ILH5PrL

Score
8/10

Targets

    • Target

      f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
