59cab374369d9a00f8224abcee7bf67d6bbd26bc75b5be27e6f899cc0015531a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Order List(Draft) 9419-PDF.vbs
Size

393KB
Sample

221017-q2ebbacbcq
MD5

f79c51ebe26b41ef84e5229b21c30dfa
SHA1

919d33f1bf63a1170a9f1a8d09a5dece0fc64e01
SHA256

59cab374369d9a00f8224abcee7bf67d6bbd26bc75b5be27e6f899cc0015531a
SHA512

fd16c5cb008621ceea82b27b23f83f24e087dc895e1198677d5d47ae47570e44b90e17b5ee9db925ba70f07d0e2b6004caf51db6a340fd38e973b96408e7a03c
SSDEEP

6144:1Cv4106t6Al5vJMoLOMjdVV06zYtzwiS0m60GaeeWsloiwxtkWz:144VjlxJMoi+dZsRwR0TsfplItk2

Score

8^/10

Malware Config

Targets

- Target
  
  Order List(Draft) 9419-PDF.vbs
- Size
  
  393KB
- MD5
  
  f79c51ebe26b41ef84e5229b21c30dfa
- SHA1
  
  919d33f1bf63a1170a9f1a8d09a5dece0fc64e01
- SHA256
  
  59cab374369d9a00f8224abcee7bf67d6bbd26bc75b5be27e6f899cc0015531a
- SHA512
  
  fd16c5cb008621ceea82b27b23f83f24e087dc895e1198677d5d47ae47570e44b90e17b5ee9db925ba70f07d0e2b6004caf51db6a340fd38e973b96408e7a03c
- SSDEEP
  
  6144:1Cv4106t6Al5vJMoLOMjdVV06zYtzwiS0m60GaeeWsloiwxtkWz:144VjlxJMoi+dZsRwR0TsfplItk2
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2