4fb643601b18870623a6ad6b4791ab7d6911815be50ab55e24254fdc541027e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

H.zip
Size

101KB
Sample

230412-qfjc5sea2x
MD5

948ca80b809b6ddfa94cf9193ad58e98
SHA1

fe68f6a5655be9e812cea4b003ad5098bd7ad326
SHA256

4fb643601b18870623a6ad6b4791ab7d6911815be50ab55e24254fdc541027e2
SHA512

e3b2b31c4097482ba09928dd3a7168d33f8e1c21c0a7d2ab9e4be8301eed6200e2e35bedf2a80474b01351755e477f14bc4372d070bab312f8c9445ba9552b02
SSDEEP

1536:ysrAThExMOyXkQ+WShcjcWf+ofT8KiJzUFH7vI2F7XOT0xtRtbIbo02QWT:S1EKzCWv4gQPU57w2eQrbIcCWT

Score

8^/10

Malware Config

Targets

- Target
  
  Pryetzf.wsf
- Size
  
  239KB
- MD5
  
  ab0e6bc1caa69e44b742ce3144b58669
- SHA1
  
  714577ed7130243e3d10e87f950ae6d08ebe2849
- SHA256
  
  d34a795ffbb4531a828d6af74df3bd0d06d02fc645e5617dc74ab239b915dfeb
- SHA512
  
  12fdd4bdb7a3a19a0113e62e630d002776ad43704205c28eda0df110820a93af8581c9d27d338113792be91531b1f9b4d813f68dc48a232d25812656bc81bcd7
- SSDEEP
  
  6144:tB1RO8152lGM7Cd8t2vsfULNNmdKp974ay8hiFpr5:GGMO8t2vM6aWyvFpr5
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2