General

  • Target

    134db5e7f3bacd0fceb73d95d82b80a1b5f2e17136e7b8344cfdb8636e7137ec

  • Size

    861KB

  • Sample

    241107-zfejmaycjf

  • MD5

    93ea6c3c05e81824a35f4af48ead95c6

  • SHA1

    d92379d7d4df19999096ef5c676fc57c83b9a437

  • SHA256

    134db5e7f3bacd0fceb73d95d82b80a1b5f2e17136e7b8344cfdb8636e7137ec

  • SHA512

    4bcaf71bb28c7853bb2ec455eaa031b9a3e46cdd837e9ef28d82dcf1888a9e6ddc2fcca819d9070a6dad00d3f406ce4a7dfbbd775b2a0c339f89a28abff68038

  • SSDEEP

    24576:yzuTs+0B+/b5tqMPaQVa+kUT1Ll/l00PD:Kuw+0GlcMPaQVr5dL

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks