c410684799d2bc68f9f06e206381e7f1fc6336642df8d48346a9b3357ada7db4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Radicado #1-2022-028101_8002465216546165465651_265465165465165a6654ff564216165ca1654215648984461ca894364614846489a489498165489498489ff89419849815564pdf.vbs
Size

238KB
Sample

221003-v855tshccl
MD5

518a1bd0764ca25fcf36d8a55bf2ebd9
SHA1

d6e490cdf33972c115a035631a3db91e527b0ef3
SHA256

c410684799d2bc68f9f06e206381e7f1fc6336642df8d48346a9b3357ada7db4
SHA512

b746019d51c04f97c75bbbe6ae65a74521120cb73aefee0a306c09088b2b1905d25f78c5b7e220962c2c34d11dd8bff082fef8056557acdb404e577dfcf0613b
SSDEEP

48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/d9Z9s3XEHDzzAA:sKDF9n0JMtswebEjAsDoA

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://contadoreshbc.com/dll_startup

Targets

- Target
  
  Radicado #1-2022-028101_8002465216546165465651_265465165465165a6654ff564216165ca1654215648984461ca894364614846489a489498165489498489ff89419849815564pdf.vbs
- Size
  
  238KB
- MD5
  
  518a1bd0764ca25fcf36d8a55bf2ebd9
- SHA1
  
  d6e490cdf33972c115a035631a3db91e527b0ef3
- SHA256
  
  c410684799d2bc68f9f06e206381e7f1fc6336642df8d48346a9b3357ada7db4
- SHA512
  
  b746019d51c04f97c75bbbe6ae65a74521120cb73aefee0a306c09088b2b1905d25f78c5b7e220962c2c34d11dd8bff082fef8056557acdb404e577dfcf0613b
- SSDEEP
  
  48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/d9Z9s3XEHDzzAA:sKDF9n0JMtswebEjAsDoA
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2