General

  • Target

    397529bd92300eaf1575ebf2de4a3971f809191e52fcc60973ddc325ec83ad91

  • Size

    746KB

  • Sample

    241120-detfhatpbl

  • MD5

    d28a10bd6db1b937e9af72002b3abf13

  • SHA1

    da63c9e0e2090e6e2167fe774ecb59fc4c23d5d8

  • SHA256

    397529bd92300eaf1575ebf2de4a3971f809191e52fcc60973ddc325ec83ad91

  • SHA512

    df2783a5fc8dfaa2778bedd1410ebf6dc477dbe23cc2677e9b9159686360def50cba2b798e27577b5d94f47957e5dd8277338c93575e8d9eaa494ed47a879529

  • SSDEEP

    12288:Z/WAgGhFC1Byl7dFyE/1JPvglFn3o1HAN7QOYEyaJ6IQeNsjIOXUR4H5Z:ZeAJnDyEbPYl53o1gqOYEyawIQasjlbX

Score
8/10

Targets

    • Target

      remittance_20Nov2024_163550.exe

    • Size

      778KB

    • MD5

      e1e032aa58ed92552518651f55a4ccdc

    • SHA1

      5bc92573e456b9d98c90bda6ce00fb85d17b5f06

    • SHA256

      819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772

    • SHA512

      dd23fd8101658adec5476851178aa53fec2ec9aaa0c31f07447c994b1258d152cbc455c45bfbf4a697a663e2524da1aa216c20b1f1d2c4144557c4e4effe9e40

    • SSDEEP

      24576:KQ3Ag1Scj0glx3oLsq4Ymiacm4G2YaVlR:KQQyxggvbqbmoopaVlR

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
