General

Target: 29ce0132efcb5e1aad146065672d83b6b4ced076f1c91a851c8b34a30e7e08eb
Size: 911KB
Sample: 241117-nl5gfsyhkk
MD5: 3dc6111263e1e236519080dbea81c1f1
SHA1: 1600ba53fdd878a0d93e7eaabec5b82558c8d6f2
SHA256: 29ce0132efcb5e1aad146065672d83b6b4ced076f1c91a851c8b34a30e7e08eb
SHA512: 051c1588a01320d03845f4cfe4bd03dbd2a5281ef80313929397fe11da6a7e43848102b6f527d19c924d2f757b6feefb2dc1253cc34c11cd2d9d16b024827de8
SSDEEP: 12288:AZRrXQ9TZweOjcQjabDu0zUmoKzHwIpwxyI1E4y0L4idflnXirA7PZxkR:QwOjdeut7Kslxy8fMrEa
Static task: static1

Behavioral task: behavioral1
  Sample: 29ce0132efcb5e1aad146065672d83b6b4ced076f1c91a851c8b34a30e7e08eb.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: 29ce0132efcb5e1aad146065672d83b6b4ced076f1c91a851c8b34a30e7e08eb.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 29ce0132efcb5e1aad146065672d83b6b4ced076f1c91a851c8b34a30e7e08eb (911KB; hashes as listed under General)
Score: 8/10
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the excluded items are no longer scanned.
- Checks computer location settings
  Looks up the country code configured in the registry, likely to geofence execution to or away from particular countries.
- Accesses Microsoft Outlook profiles
  Reads Outlook profile data (account configuration stored in the registry), a common target of information stealers.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is the step that process hollowing and similar injection techniques use to redirect execution; the report does not identify the target process.
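The first, second and fourth signatures above are behavioural rules that fire on process, registry and network events. As an added example, not part of the sandbox report or its rule set, the script below reproduces those three signatures over a handful of constructed events, including the edge case where the PowerShell command is hidden behind -EncodedCommand (base64 of UTF-16LE). The event shape and field names, the registry value `Control Panel\International\Geo\Nation` (the value Windows uses for the configured country, assumed to be the trigger since the report does not name the key), the list of IP-lookup hosts, and all sample events are assumptions made for this example.

```python
"""Added example (not the sandbox's own rule code): a minimal behavioural
signature matcher over constructed sandbox events."""
import base64
import re

# Hosts commonly used for external-IP lookups (assumed list; the report does
# not name the service the sample contacted).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.dyndns.org", "ip-api.com", "ifconfig.me",
}

# Windows stores the user's configured country as a GeoID under this value;
# reading it is assumed here to be what "Checks computer location settings" keys on.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Add-MpPreference / Set-MpPreference with any of the three exclusion parameters.
MP_EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.I | re.S,
)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_CMD_RE = re.compile(
    r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I
)


def decoded_powershell(cmdline: str) -> str:
    """Return the command line with any -EncodedCommand payload appended in
    clear text. PowerShell expects base64 of UTF-16LE; anything that does not
    decode is left alone so a malformed argument cannot crash the matcher."""
    m = ENCODED_CMD_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + "\n" + script


def match_event(event: dict) -> set[str]:
    """Map one event to the set of signature names it triggers."""
    hits: set[str] = set()
    kind = event.get("type")
    if kind == "process":
        image = event.get("image", "").lower()
        if image.endswith(("powershell.exe", "pwsh.exe")):
            text = decoded_powershell(event.get("cmdline", ""))
            if MP_EXCLUSION_RE.search(text):
                hits.add("powershell_defender_exclusion")  # T1059.001 / T1562.001
    elif kind == "registry_read":
        if GEO_NATION_RE.search(event.get("key", "")):
            hits.add("checks_computer_location")           # T1614
    elif kind == "http":
        if event.get("host", "").lower() in IP_LOOKUP_HOSTS:
            hits.add("external_ip_lookup")
    return hits


def scan(events: list[dict]) -> dict[str, list[int]]:
    """Run every event through the matcher; returns signature -> event indices."""
    report: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for sig in match_event(ev):
            report.setdefault(sig, []).append(i)
    return report


def encode_ps(script: str) -> str:
    """Build an -EncodedCommand argument exactly the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; none are taken from the report.
SAMPLE_EVENTS = [
    {"type": "process", "image": PS,
     "cmdline": 'powershell.exe -WindowStyle Hidden -Command '
                '"Add-MpPreference -ExclusionPath C:\\Users\\Public -ExclusionExtension exe"'},
    {"type": "process", "image": PS,
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + encode_ps("Set-MpPreference -ExclusionProcess 'svchost.exe'")},
    {"type": "process", "image": PS,
     "cmdline": 'powershell.exe -Command "Get-MpPreference"'},  # read-only, must not fire
    {"type": "registry_read", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "key": r"HKEY_CURRENT_USER\Control Panel\International\LocaleName"},
    {"type": "http", "host": "api.ipify.org", "url": "https://api.ipify.org/?format=json"},
    {"type": "http", "host": "example.com", "url": "https://example.com/"},
]

if __name__ == "__main__":
    for sig, idx in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {idx}")
```

The encoded-command branch matters in practice: a rule that only inspects the visible command line misses `-enc` payloads, which is exactly how a loader would normally run the exclusion command. The Outlook and SetThreadContext signatures are omitted because the report gives no detail about which registry keys or which target process they were observed on.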