381c6a941219b0721fba408c5c6ab51fe913cc6c951496379cfc280927d4c066 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

factura de entrega.pdf.vbs
Size

60KB
Sample

230310-hqzh4sdg3z
MD5

f9aa561de929b51f2138ffa7f8b09107
SHA1

412e28fa47ad817f212a589000ba354895e89964
SHA256

381c6a941219b0721fba408c5c6ab51fe913cc6c951496379cfc280927d4c066
SHA512

059b13eec856dae48373922d0b9db1e1082cccfa33bc82b5139aad39437213c50f34e049530f1ae4ffe31908e81867c35d530445447e1b5bc0ae56229ff30cef
SSDEEP

768:TjzdfscwKSoyaXDKSRFlPfEp+5nblJtkbkmsk8Dic0ldGc8/ZpgzLvQ:rjFS5aXOSPli+FRrkbmDIdIRpYL4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://185.29.10.113/Abor.pcz

Targets

- Target
  
  factura de entrega.pdf.vbs
- Size
  
  60KB
- MD5
  
  f9aa561de929b51f2138ffa7f8b09107
- SHA1
  
  412e28fa47ad817f212a589000ba354895e89964
- SHA256
  
  381c6a941219b0721fba408c5c6ab51fe913cc6c951496379cfc280927d4c066
- SHA512
  
  059b13eec856dae48373922d0b9db1e1082cccfa33bc82b5139aad39437213c50f34e049530f1ae4ffe31908e81867c35d530445447e1b5bc0ae56229ff30cef
- SSDEEP
  
  768:TjzdfscwKSoyaXDKSRFlPfEp+5nblJtkbkmsk8Dic0ldGc8/ZpgzLvQ:rjFS5aXOSPli+FRrkbmDIdIRpYL4
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2