General

  • Target

    03281599.vbs

  • Size

    1.2MB

  • Sample

    230526-h784waec93

  • MD5

    5cd2f2a5766ad1ac7be8a3d3eb7c5a51

  • SHA1

    e1c05ac20d4f9f278dc48b8ae4a07cddd27c39c0

  • SHA256

    2894544e7e6d165cbc56e9b4f096b657934f23420af9a119d72a04a122d3725b

  • SHA512

    fafaf428e1d22e07286ec341e76a66c6bcc867ab83c04394703629d03338e9cbdde3e11973879f64d53cca6a6cbe3b6f11cc6ccdae66436989df43cfc5a7bb03

  • SSDEEP

    24576:7euj3hp+N3Lu1hiH2rbqQGbB7I3RgAffIl7yfW:7em3h03y1hiHxls3RS7yfW

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://drive.google.com/uc?export=download&id=1-R3r3SEIXJtsxvIGl9F3JR1EiblvLOtW

Targets

    • Target

      03281599.vbs

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (1) - T1012

    System Information Discovery (2) - T1082

  • Command and Control

    Web Service (1) - T1102

Tasks