General

  • Target

    NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe

  • Size

    444KB

  • Sample

    250108-fxyt2sxrdm

  • MD5

    4b80ce9b09f66de598cd62ed65023a67

  • SHA1

    6806afeb86cbe5d35e1738743d4946a7cecbd1b2

  • SHA256

    2f76c5b27fc74986634ca1c3835f056d7e08b9d17f81f5277c20db4c86b7f2c5

  • SHA512

    f96e5a2f7f3131ba26a260b789be24b6c5c720c5fda234f457763427edb5d51307b968aedccb7609b2db79d8be20117dd3941d7186c62541c7721bb928146843

  • SSDEEP

    12288:NF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9oZ:zHSZqoXuWPzloMaI9oZ

Malware Config

Targets

    • Target

      NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks