819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772 | Triage

Sharing

General

Target

819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772
Size

778KB
Sample

241121-jfhchstrhl
MD5

e1e032aa58ed92552518651f55a4ccdc
SHA1

5bc92573e456b9d98c90bda6ce00fb85d17b5f06
SHA256

819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772
SHA512

dd23fd8101658adec5476851178aa53fec2ec9aaa0c31f07447c994b1258d152cbc455c45bfbf4a697a663e2524da1aa216c20b1f1d2c4144557c4e4effe9e40
SSDEEP

24576:KQ3Ag1Scj0glx3oLsq4Ymiacm4G2YaVlR:KQQyxggvbqbmoopaVlR

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772
- Size
  
  778KB
- MD5
  
  e1e032aa58ed92552518651f55a4ccdc
- SHA1
  
  5bc92573e456b9d98c90bda6ce00fb85d17b5f06
- SHA256
  
  819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772
- SHA512
  
  dd23fd8101658adec5476851178aa53fec2ec9aaa0c31f07447c994b1258d152cbc455c45bfbf4a697a663e2524da1aa216c20b1f1d2c4144557c4e4effe9e40
- SSDEEP
  
  24576:KQ3Ag1Scj0glx3oLsq4Ymiacm4G2YaVlR:KQQyxggvbqbmoopaVlR
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution