246d03f418d4eb9a19ead89eb7816714b6a69f920cfeea3d3d17c971ba4c6823 | Triage

Sharing

General

Target

246d03f418d4eb9a19ead89eb7816714b6a69f920cfeea3d3d17c971ba4c6823.exe
Size

121KB
Sample

241220-cr62paxlgl
MD5

5dce69c450262d7a5d48cdc8fccad2d7
SHA1

11cd8fa07e2314287099aaf4fbedb5dcc1fcf62a
SHA256

246d03f418d4eb9a19ead89eb7816714b6a69f920cfeea3d3d17c971ba4c6823
SHA512

7f5c2f5e6a02990adf6d638a8368f07a2f949dfedd7197e342c7467cc0ff4af5480ba2585060986f65e3f62efcdb80c037b89815db095326890269ef31db836a
SSDEEP

3072:MV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPJR:ht5hBPi0BW69hd1MMdxPe9N9uA069TBb

Score

8^/10

execution

Malware Config

Targets

- Target
  
  246d03f418d4eb9a19ead89eb7816714b6a69f920cfeea3d3d17c971ba4c6823.exe
- Size
  
  121KB
- MD5
  
  5dce69c450262d7a5d48cdc8fccad2d7
- SHA1
  
  11cd8fa07e2314287099aaf4fbedb5dcc1fcf62a
- SHA256
  
  246d03f418d4eb9a19ead89eb7816714b6a69f920cfeea3d3d17c971ba4c6823
- SHA512
  
  7f5c2f5e6a02990adf6d638a8368f07a2f949dfedd7197e342c7467cc0ff4af5480ba2585060986f65e3f62efcdb80c037b89815db095326890269ef31db836a
- SSDEEP
  
  3072:MV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPJR:ht5hBPi0BW69hd1MMdxPe9N9uA069TBb
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2