General

  • Target

    00946632671123ef391720a35b310261db3ea2f5a5761f583b8ce2bea566e3f3N.exe

  • Size

    855KB

  • Sample

    241110-2zls6awpc1

  • MD5

    f1a4d7abd9e29baadcc241a06cbb3793

  • SHA1

    f0d064f3825fff5d6cb84fabb743b9f03d6d5a63

  • SHA256

    cc27598956262f4307167e53edcc02af444d57d1c6de1b21917075a61d885f2a

  • SHA512

    731c8f1265c65993fe50229a9e495d3863b687eea0d07bc59ca0d7ae0a4c3e6966cae0695b5699f9b7281af8d2eef2dd589cdbedaf200517098ca2773c408c80

  • SSDEEP

    24576:LWV4E3PAxHi2qyR24aro5uaVwqi53cakR2QxCmNn:LWVdlwNQ2wqi53rksQxCmZ

Score
8/10

Targets

    • Target

      00946632671123ef391720a35b310261db3ea2f5a5761f583b8ce2bea566e3f3N.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
