c0f447441f61077cf779e8d0d17bf67c426108a8380e8afeec2aa28d4add28c2 | Triage

Sharing

General

Target

acz_ord_conf.vbs
Size

496KB
Sample

230214-kc1v5abc9s
MD5

c6e89de0c4c622bbdb6eb63c3912c722
SHA1

8075ca67e3808fca03fd527f87788256e8b5beea
SHA256

c0f447441f61077cf779e8d0d17bf67c426108a8380e8afeec2aa28d4add28c2
SHA512

f574e6085ea512451c9426abb44b96edb7088fa7e7846f7af5a4f3bb093570abf704a1082628bb89beec9bb971d167f50816a64cf2f2c951594e2e00748e7c74
SSDEEP

6144:V81GjOwC6/99AEcYFEHxUZTS1HN2Oow9OffnLlmSZvIpHgZQ7nD258so2eCQPYoe:EoTc/ACN5owIffnLoH3nCiso8cK

Score

8^/10

Malware Config

Targets

- Target
  
  acz_ord_conf.vbs
- Size
  
  496KB
- MD5
  
  c6e89de0c4c622bbdb6eb63c3912c722
- SHA1
  
  8075ca67e3808fca03fd527f87788256e8b5beea
- SHA256
  
  c0f447441f61077cf779e8d0d17bf67c426108a8380e8afeec2aa28d4add28c2
- SHA512
  
  f574e6085ea512451c9426abb44b96edb7088fa7e7846f7af5a4f3bb093570abf704a1082628bb89beec9bb971d167f50816a64cf2f2c951594e2e00748e7c74
- SSDEEP
  
  6144:V81GjOwC6/99AEcYFEHxUZTS1HN2Oow9OffnLlmSZvIpHgZQ7nD258so2eCQPYoe:EoTc/ACN5owIffnLoH3nCiso8cK
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2