General

  • Target

    835015_662_pdf.vbs

  • Size

    106KB

  • Sample

    230301-xmje2shf97

  • MD5

    583a41d95573975ba2bc1cfff02197c8

  • SHA1

    f9fb4f66e7232c34ca8bb3e93a53559c547d222e

  • SHA256

    70e21664b3621d3174c570ffd18e539bb77111414e5667ae2aa4641dea54acd1

  • SHA512

    4653c4eff2f9f55e16c79305f67f607df228e66689947a6800a987036a938b2dd88e2ef254f511a4692b09646cfd26698663964ae3705e01d9ad9c12f1cfd7db

  • SSDEEP

    3072:4khvA5gZC2C3xGfkPiiP60adt57PtkBiJp+wJS9oXXBVVun8Wv:46vvZg56ndRWoHHVi

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://185.29.10.113/bebopsw.csv

Targets

    • Target

      835015_662_pdf.vbs

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
