Resubmissions

09-08-2024 08:38

240809-kjxr2sycnr 10

27-07-2020 18:35

200727-l5jrnfh3sx 8

General

  • Target

    ACCORD POUR COMMISSION A PRELEVER.PDF.vbs

  • Size

    246KB

  • Sample

    200727-l5jrnfh3sx

  • MD5

    6b23cda6ddc86713d63e5b6bb853a909

  • SHA1

    7c12556e23a5b283846572fc9a1d70b01d306c1d

  • SHA256

    3cdadd4d8492cfe342f9f74529566ed6c1b451ba669509b59ffaf2965bce0750

  • SHA512

    9bd88a406202b539ec6cfb271c7c02b0ac2659d3c925aed20d1680d919f841fbef89566d33f29cca2fd1ebd5641b5a7ee17562eaa5dce447f89256cc470f1eeb

Score
8/10

Malware Config

Targets

    • Blacklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks