fe91eaf1edcfee57a57e9cc45b61d539cc8f3088f111799ef711830a7400234e | Triage

Sharing

General

Target

ЦИТАТА.zip
Size

644KB
Sample

241121-pf3akswphm
MD5

73ce3fed7a3c6cd9c0972d59ba86f934
SHA1

21b99a67745df1ecd69f0ed449de7fb5d90e0da7
SHA256

fe91eaf1edcfee57a57e9cc45b61d539cc8f3088f111799ef711830a7400234e
SHA512

20de80e3810bee1a2fc75b8b74b16ef209ab94fc78ef157abc4217feb3d65717469cdff1ae83c3c03138c519290c118d70f3a58fee064b38cf0cb998c02294d4
SSDEEP

12288:+UARXcLplaezfAglgEQNnTQEbu+SlK2tXVzjZxLlgYFyTbXRwP78lDnqHfHM:okptzfAMRQNnXSE2tVBxozOYlDnqPM

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  ЦИТАТА.exe
- Size
  
  676KB
- MD5
  
  57d485ab07368d3d7fbd1b62b8bb6a5f
- SHA1
  
  15749ab51781854689d73a7f7a94d6052546fa9a
- SHA256
  
  2efd54686c3942f7778ae4ad63c002e50d1fd2a08fac36ac770dff40cb3e3788
- SHA512
  
  7abdbfad7c6ba7956b580c6656d4224ac5023c6df7754a35025bd82b6190f543cd35bf220e3130070799599b10b7b017e2a262d971fab29dd62e2c372a4b6118
- SSDEEP
  
  12288:vrOd+Ri3AgFd13C1/CYU0EY5ZLl2YFye+JwP78lprlDfB:tQ3Ag13EKx0BR+2YlppD5
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution