65562be31d12a17b584e23153058611a497ac42e84595491afcede927e45cd0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.zip
Size

295KB
Sample

230308-nhdvbsga26
MD5

64fe2d7690e999ecb0cae37eddf027bd
SHA1

cbc58c223bd65b9d476fa37b57f73fee56cfd90c
SHA256

65562be31d12a17b584e23153058611a497ac42e84595491afcede927e45cd0f
SHA512

c609d310352273efbbfed3d50058b344690057770e0f6ee244530d4c4f25f0874367482398251061d9f0a55605e83134c1b55db86489a8507db04e894b2dd298
SSDEEP

6144:nDUGW1g2wAIsKcMQseMklCEIx+5qUDjv477IKZq7U:DUdK2FDqklbXnw77I6aU

Score

8^/10

Malware Config

Targets

- Target
  
  0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.vbs
- Size
  
  642KB
- MD5
  
  791f78299b068e26b702b1b0c54c0417
- SHA1
  
  461c4a70f8a083e3565816161eeaabd1bdaf6592
- SHA256
  
  0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f
- SHA512
  
  3826229f02637b703440f8f51856ab61ee515a28902777ec505d92603a3a752361f0c0d6223f51c30b4a5484de65cb3b08f414ba38c41a0d3b31738d97e7b8a2
- SSDEEP
  
  12288:zt9mMykiZo+FxNsUV7oBvwQzpBKtPN/B9AzZHDl:znutoxNTMx8zZHZ
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2