b14185efe4b54d71feffe4dc964419b4639048efc50bb5f19c28e7d561263331 | Triage

Sharing

General

Target

B14185EFE4B54D71FEFFE4DC964419B4639048EFC50BB5F19C28E7D561263331
Size

11KB
Sample

221123-r12kwsda51
MD5

af9d84802eaab6530b57dae2f9465c4e
SHA1

15b0f91c446075c901998f5acf79bc4775e8db5e
SHA256

b14185efe4b54d71feffe4dc964419b4639048efc50bb5f19c28e7d561263331
SHA512

7ac17c97d63382c2b76d5adcdb71ab7dc7d9304841204263fd33df741db0263494660fdc3f3de16d989b77804369f7b2bc3447780ae70aeb1e2318c8f70f5280
SSDEEP

96:a+q7jFfcmDDEktWNLgKiuaFdJfnUGZg+KPHxQ7fNVEVIgK:K7Jfc0EXNLgKafU/xQ7ffE3K

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://4.204.233.44/Dll/Dll.ppam

Targets

- Target
  
  TW03GBVSFS0PDHS_001_PDF.vbs
- Size
  
  209KB
- MD5
  
  4a83206f2fe5b8c48d5fca63c420908c
- SHA1
  
  a2b534aa07ebaa3b452a1f4a9b05b6cd1b2c842f
- SHA256
  
  d88fc6590c4f50373cce292ca245fa77c0a3cecbab48564b8ef70c1051aa0aa6
- SHA512
  
  14e8a5a6f52bd2a5febe14669b242a38dc75567898e82c5bcaf3d3ef6173eecc14a486e9a4e9055bd55592d28eff24e6691dd7c41f3063ee679d56376caa0859
- SSDEEP
  
  96:i5fU56Igx1Ua7fLhwMwQgI5mPZFotzeSx8iamzdtaP1joXGhsS0:yfU0Igx1Ua7fLhwMwrI8PLotzeSx8i7Z
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2