d9169b0f43abdc62b4411581489ca803f993e6081027f95a0a74daf463ee93cf | Triage

Sharing

General

Target

MarchH(BZvHm704).wsf
Size

231KB
Sample

230414-k1gr6aaf9t
MD5

384677472effe8a0ceb1004bc528bba5
SHA1

57711b5ff0a4c5069707794365d81aed6ff1386b
SHA256

d9169b0f43abdc62b4411581489ca803f993e6081027f95a0a74daf463ee93cf
SHA512

78ce1b14eb896e71523731574f8cc78fec3a63caa559bd084c3df1446df0c55ba2afcaa4a7dac0a2a285897079fc7776722f37044936392b3b861003738c31a7
SSDEEP

6144:tCxc0BulbD7CZkZTnidFvXJJCYsNXXVbeIwG:sxk5ZTid/JCbuG

Score

8^/10

Malware Config

Targets

- Target
  
  MarchH(BZvHm704).wsf
- Size
  
  231KB
- MD5
  
  384677472effe8a0ceb1004bc528bba5
- SHA1
  
  57711b5ff0a4c5069707794365d81aed6ff1386b
- SHA256
  
  d9169b0f43abdc62b4411581489ca803f993e6081027f95a0a74daf463ee93cf
- SHA512
  
  78ce1b14eb896e71523731574f8cc78fec3a63caa559bd084c3df1446df0c55ba2afcaa4a7dac0a2a285897079fc7776722f37044936392b3b861003738c31a7
- SSDEEP
  
  6144:tCxc0BulbD7CZkZTnidFvXJJCYsNXXVbeIwG:sxk5ZTid/JCbuG
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2