General
Target: 29112024_1326_27112024_Inquiry 241128.Pdf.7z
Size: 807KB
Sample: 241129-qpwd3aslgm
MD5: fc083cc8b2646ac0c0e3c7e65918c209
SHA1: 813526b98808c0695af5ae4c5f0cac974959dd23
SHA256: a654c852e1dc441eb077e2b07815e5114d798c210b9025371d6a9b7fbfc1b7d8
SHA512: 65112832fe5794f566e6803e506a4797aa0707d8c377e434f949d0ae68a601353cc6f95536fd116931f5babbf82214663208f7049c37c0bb54049688712a83fb
SSDEEP: 24576:baRvvoPjLi2Yi8PtEnedpLLqk00rQgp3oGm/:+RvvTiJnMT00rZYF/

Static task: static1
Behavioral task: behavioral1
Sample: Inquiry 241128.exe
Resource: win7-20240708-en

Malware Config
Targets
Target: Inquiry 241128.exe
Size: 896KB
MD5: bab35b6fe111a241883bdbd3f9996a30
SHA1: 9901d14b05a9e8305a4660ead1a334571f7017fe
SHA256: 2c67cd53627199ab4741a3fe73a317b1f91fd46544e06ed251b8ab8b444170a8
SHA512: d2be9b3dc1472cb8ca4cd110f09cd3e305ffa3dafa2725fd41eec601505a0ffabc68322f9a28d6548d8bfe9ce14a9cdc9e9a6f038fa7856cf7b32b9301aa77bb
SSDEEP: 24576:k2xj0BZodxnaB89JG0Z7dFXue45xMP9LCnYnL:H+BZ0hBG0Z7+eOOPAnY

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext