General
-
Target
f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38.exe
-
Size
1.0MB
-
Sample
241103-esckksxnem
-
MD5
53becf41ba02fdbc491515ba9cf6cc96
-
SHA1
88533f5d751e62ef83170c3081bbc4f2b9783996
-
SHA256
f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38
-
SHA512
e3012db31c0d03e33f3f4620f15944d5ad066d07da9b199787c01e560e880f06d472ca9adce99a2b8d4d94f26e788327ea143a8517ba0d14b6454eb41905734e
-
SSDEEP
24576:DTfVqijKZSZ7ghuJKqiZtd4ILsW4o5PrL:DTfV9jKCghaJCt+ILH5PrL
Static task
static1
Behavioral task
behavioral1
Sample
f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-