General

  • Target

    a2dbded39353b93890086dfab9c4f9714ebdfefbf22a118a9c2a797448c7528aN

  • Size

    6.4MB

  • Sample

    241104-l52tkaycrc

  • MD5

    4387255bf3912826f9ce2c8d8d3dc7a0

  • SHA1

    d409030b73aeb5c5dce17f65e571444a7d4ce971

  • SHA256

    a2dbded39353b93890086dfab9c4f9714ebdfefbf22a118a9c2a797448c7528a

  • SHA512

    8878bfe8fd447eab77b1559157157f10b5001c8f7fff4e2c71f8e273c20f17a81d25ecbfc694005b5b3fad88be37e77f44d020474c03d4ab7def36469c3f91cc

  • SSDEEP

    98304:aWSdjmMgDQZudIOWsP/hKrXhDRjSFEK/nEeBGeQdo1JKexYw2kFJeqTY:CmM3WHPMPjSfvEXBpwhFJeEY

Score
8/10

Targets

    • Target

      a2dbded39353b93890086dfab9c4f9714ebdfefbf22a118a9c2a797448c7528aN

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
