e6f1122115111516986843823f09058283fe46d2eaaac9d711b60745bc9cbeed | Triage

Resubmissions

19/04/2023, 20:32

230419-zbc51afb7s 8

19/04/2023, 20:11

230419-yynpksfa81 8

Sharing

Copy URL Twitter E-mail

General

Target

5AE6CF853865B14527FED18BA85A0E73C2CFEF2DAF06E520A9CFEC29C3B33EFE.zip
Size

6KB
Sample

230419-zbc51afb7s
MD5

b1063eb90d4919cc02bb1fbae0c08fb3
SHA1

11131d82fc687e761997687e53c9ff6d35067be7
SHA256

e6f1122115111516986843823f09058283fe46d2eaaac9d711b60745bc9cbeed
SHA512

f7a3ac9538a9bd6eaab200bb13d693bf4712f68e8b50aed9417ccbf8a40598e5a819b66b902f9c8b6962aa12f6ca4649e05f2c2cf50b244ad94e10695b08bf11
SSDEEP

192:L7F3lhL7qpA56X6C+pcbdi9M79TO8U2vYd+:vj97jpceuiI

Score

8^/10

Malware Config

Targets

- Target
  
  5AE6CF853865B14527FED18BA85A0E73C2CFEF2DAF06E520A9CFEC29C3B33EFE.wsf
- Size
  
  17KB
- MD5
  
  766742366a9e54e72e1f7609801d9061
- SHA1
  
  8d6a4a5abe296b9e093cde82499e705451eeac69
- SHA256
  
  5ae6cf853865b14527fed18ba85a0e73c2cfef2daf06e520a9cfec29c3b33efe
- SHA512
  
  4b71004c92b9af7ec5ef42d9ff034ea6448de5470c63a59fea751a896848595a0fc4cc49adfe9efa50b5ea61395be951a72c5d223e680ae439705d8bf7960b6c
- SSDEEP
  
  384:5NezzfDVdVrq9yrDfn9GViWlhkeCzB3rJEBtjHa:0NMyrDfnlWlhkeCQj6
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2