a8fa72f340b4a050ff28eb0406833c07a34f55ce5f2dd7497b6c5638d7b0b18d | Triage

Sharing

General

Target

first-inline-payload.tgz
Size

31KB
Sample

250414-edv4dazwfs
MD5

f1733076535b40fdbc2987a11c1ef0d5
SHA1

6b66522211bb70ce65240e4158044aa6a22d1f2f
SHA256

a8fa72f340b4a050ff28eb0406833c07a34f55ce5f2dd7497b6c5638d7b0b18d
SHA512

78e6dfa91aaca034de075c59d86c485e3c48720e69e2ece534bac0282c98a262f1e1509bab62967ff11b8c92a9d3eed2d79a7f6572e2982f077eafda8ecc2917
SSDEEP

768:PoE9Lp14Q5rMoSMks4d0o8+Em3dnOzHJ5iPsu68xP5eZ:PZX/ma4DOzHfUsu688Z

Score

8^/10

execution

Malware Config

Targets

- Target
  
  first-inline-binary
- Size
  
  90KB
- MD5
  
  abeaaa41b153915e7c4f0887a9ed3bba
- SHA1
  
  5fe7a2524e88e97d2d70e40cd205f94ef16faf2d
- SHA256
  
  13db408a3232ea31aab8edc648b6c315782db9516e1c08c6bd667e17f5dd147c
- SHA512
  
  b6cd8ce2ba74c698dfaaa0c74e8776f242ba7f600e83058c9ecefbca1694931ed2a7e54d5c3b5d68a30baa713da740dbbe7f81d959e0437f4ad78d1546c33a5e
- SSDEEP
  
  768:afhkeh3OflykbetIEtYumtiWks9BzIhB9QPtqaMgLmwBx9q9wc5igqbwEad:Khk+OfskqIwYu+7kguL9wqXgpspAgeod
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1