3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54689.vbs
Size

222KB
Sample

230524-jvsf2aca6y
MD5

e15e50d702fab1d1961c34cd26921be4
SHA1

6142c1d2b7d2c17c03152ed1f101eae42c94e4f4
SHA256

3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
SHA512

234b905f488cb2758ff1dada1db4b4303c487fc4f835aea5e686a5d9568ca9ef284f11c413574835de0e42afe166550c039b92b0e5ad4635323e71ee8635ad5f
SSDEEP

768:XnHGdUBDCKtfYjE3Luo4+eaWa4hCAC3mYFPk9Wai2d:XHGd+CKtfSo4+n4hCAC3mYFNai2d

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://firebasestorage.googleapis.com/v0/b/tttttttt-e4b70.appspot.com/o/new_rump_vb.net.txt?alt=media&token=b27d42df-d877-4be0-ab6a-efe2fee3e2b3

Targets

- Target
  
  54689.vbs
- Size
  
  222KB
- MD5
  
  e15e50d702fab1d1961c34cd26921be4
- SHA1
  
  6142c1d2b7d2c17c03152ed1f101eae42c94e4f4
- SHA256
  
  3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
- SHA512
  
  234b905f488cb2758ff1dada1db4b4303c487fc4f835aea5e686a5d9568ca9ef284f11c413574835de0e42afe166550c039b92b0e5ad4635323e71ee8635ad5f
- SSDEEP
  
  768:XnHGdUBDCKtfYjE3Luo4+eaWa4hCAC3mYFPk9Wai2d:XHGd+CKtfSo4+n4hCAC3mYFNai2d
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2