4be2cf5401e99bf3e1ce388004ae86aff0e170bfd369ee0d9204bd60f56327a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20230306-1000_OFERTA_0000015436812_002323pdf.vbs
Size

608KB
Sample

230307-rwaavaad85
MD5

eab196e5433297aacb948116fef38de0
SHA1

44bb7c8b343f84371d61730a3c41b7698a774283
SHA256

4be2cf5401e99bf3e1ce388004ae86aff0e170bfd369ee0d9204bd60f56327a2
SHA512

fdba8e98a1536d00a49b2c1b59aa1c8b41d28342243f2c8aad8e470ddddb8e23be1f9dca08203a767b37b710ca1c364947238e12dd8d93459cafdd1f2dcbb038
SSDEEP

12288:d368SenYUd4coIEl51ZXbv//QblVhxHD/2iuxg4kI6EtPNxABAi95V:d4rJ3Z7/MDeeFI3ri95V

Score

8^/10

Malware Config

Targets

- Target
  
  20230306-1000_OFERTA_0000015436812_002323pdf.vbs
- Size
  
  608KB
- MD5
  
  eab196e5433297aacb948116fef38de0
- SHA1
  
  44bb7c8b343f84371d61730a3c41b7698a774283
- SHA256
  
  4be2cf5401e99bf3e1ce388004ae86aff0e170bfd369ee0d9204bd60f56327a2
- SHA512
  
  fdba8e98a1536d00a49b2c1b59aa1c8b41d28342243f2c8aad8e470ddddb8e23be1f9dca08203a767b37b710ca1c364947238e12dd8d93459cafdd1f2dcbb038
- SSDEEP
  
  12288:d368SenYUd4coIEl51ZXbv//QblVhxHD/2iuxg4kI6EtPNxABAi95V:d4rJ3Z7/MDeeFI3ri95V
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2