General

  • Target

    USEN18112022J7474.vbs

  • Size

    561KB

  • Sample

    221121-k5l8facf55

  • MD5

    c75626b024b9a58ec0f475bdc8a87eb5

  • SHA1

    062971c3edf0f298063da181b0acc128c9c08623

  • SHA256

    1240040c7e02e6c608d6989c4c79903969fb2bd04fa0a4778613e494bbaf8223

  • SHA512

    cdc8dc82abe360ef7dbd9420ef51643ccc067d6b13b81cd52c0b29e4f846c79f27b2719e05da0567df71e80edd503dbd5b57e475dbc6a47646590d7da949e168

  • SSDEEP

    192:4nhv/+HqdWHiFzfoE12S/j14ta1k0X1Pbk:eQg1Q

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://firebasestorage.googleapis.com/v0/b/fir-3b506.appspot.com/o/dll%2Fdllnego.txt?alt=media&token=e81104ef-4af8-42d6-b5d7-265a338bccdb

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks