General

  • Target

    2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620

  • Size

    840KB

  • Sample

    241113-znhw1syfra

  • MD5

    af65821d2f5fe034ca3d446323919fc2

  • SHA1

    e76a08a3d02185f0f5d2c03d292e04dcfad7d523

  • SHA256

    2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620

  • SHA512

    b6782ce22e2410c68edbf41cf5642400fa40b836577012b7ee1357980ec25256acc0f7e178e086dda9d80eca4cd9ee8aed4f9fce76fd0aa2502d5d0b44d7ae27

  • SSDEEP

    24576:0p7iek6rKytyOdGzA4j4+oH7SH59Tn1jd1AT:0p7zllcOdRyM7SHr5d1

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks