General

  • Target

    04c0f0bdeabba294fe264d44cd517de7ea9cc15f39323a6ad31e4c713a42fb64

  • Size

    1.2MB

  • Sample

    241107-zcf82s1lbl

  • MD5

    d2cc66c09a1ca375e5556e956822275f

  • SHA1

    adbe12938e7c238789f4ddf8f278b6d27d4d932c

  • SHA256

    04c0f0bdeabba294fe264d44cd517de7ea9cc15f39323a6ad31e4c713a42fb64

  • SHA512

    d18bcd2deb6e87d8c365c0cb987149c7224dd864fb3a4e29426ccbc4485acc5a17eb84e82089bced0a211ab9acfdf290e488bcd48a846ac7e8a11869e753ceba

  • SSDEEP

    24576:45RPT0fJKjwYZ/I0P/ekwSVzGHkw3lpjn9LmAC+eMmEHI:yGJKcYjOONGN1ln9LmN+ZmEH

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks