3e9170bb8c005a9689525f0ad3b5df1f774ce0b72fb44ccfe907ce0bb4db332f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e202dd319e539c455245f36a616428d29551dbda507754eac6394131ed5efbb.zip
Size

299KB
Sample

230308-pyks9ahd6s
MD5

2d804602733940ab280f81458ed00249
SHA1

4ec99fc6c3de441895b0df3c5b4808fd6500d23d
SHA256

3e9170bb8c005a9689525f0ad3b5df1f774ce0b72fb44ccfe907ce0bb4db332f
SHA512

8f19b4d965bc28484cfb5f08593a90b49a5b7d737b1d37ee2def3d8d7889f0566c66ffca82a8e09b50740e02520440f169ce952bcc607095ed7b0a75bb4d00dd
SSDEEP

6144:+r7XOu/UmQ+MX+HmKZ/f00Fx8AL9nKOqjjJ8fip0z9+LTMrC1iod6:+r7eu3EX+GKZ301CKO4t8fs0zAmC1b6

Score

8^/10

Malware Config

Targets

- Target
  
  8e202dd319e539c455245f36a616428d29551dbda507754eac6394131ed5efbb.vbs
- Size
  
  651KB
- MD5
  
  65c6b20a71381300f06361a91f8a8600
- SHA1
  
  ad9405175b85333341975efc778190be711d998d
- SHA256
  
  8e202dd319e539c455245f36a616428d29551dbda507754eac6394131ed5efbb
- SHA512
  
  5d1f27bbfb79fd1627d84762ac4d39ce833580fc5ea5961ab0c1cf9c428b39f51780d9ddf4ae6e2bdb81e8d68984c92f0065921af27ac58442bd3f7bba1d040e
- SSDEEP
  
  12288:PhBeNsxmLR4Bq/5QH3Oze+a0BiTreixCFnZ5l62PNEKyAKF3t:PbksmRbTzvS6HX5moKF3t
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2