General

  • Target

    5bf4ad02ab57cae2a6ba5a1de38a60b09b276da19f8e19b2f00a166eca193e71N

  • Size

    5.8MB

  • Sample

    241103-j6qftazble

  • MD5

    a309dd870ce8f6c413c53fb6ad7282f0

  • SHA1

    bf1ef29145ce21dfdc0aa328621805f0af806da5

  • SHA256

    5bf4ad02ab57cae2a6ba5a1de38a60b09b276da19f8e19b2f00a166eca193e71

  • SHA512

    4b61a9087ebefb65016d3a56dcba5018124ad4903d34ed9cb918c9340c89ffdcb4523c2ea97f48c5a4215df6ec2b23c02c5556cfa13d47d90d2cc33a2219f00b

  • SSDEEP

    98304:aWSdjmMgDQsEeaHMNKWJXFNvBpqjD3E3gQPN4jK2sR7EWKEXnHozQIMuyraeKFwd:CmM3lH32LvBpqnE3KI79nXHorIraekwd

Score
8/10

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
