48fba5d444a22788a5af05926c24da0d1fa4c766159720c1aecbd3ce27e0f2bc | Triage

Resubmissions

30/05/2023, 08:39

230530-kknkrsgh21 8

Sharing

Copy URL Twitter E-mail

General

Target

REQUEST FOR A QUOTATION.lzh
Size

64KB
Sample

230530-kknkrsgh21
MD5

6482a01ffedb087c5d084821bc97a003
SHA1

95d35def63bc863ca6b01526b6d600563c64f564
SHA256

48fba5d444a22788a5af05926c24da0d1fa4c766159720c1aecbd3ce27e0f2bc
SHA512

6db03612ca8f1011905500c12cf536671715ba675ebf29f46c51916424ed57d465a6794620f5df911d664cc047f1cf7ae176370324ddf92ca3c05889e9c2ace3
SSDEEP

1536:UQLu9b9fu6+OvJJnsUv+arEgFE/317b3SaR1bmGGk:PMx7yUvEgFE/17j3R16GGk

Score

8^/10

Malware Config

Targets

- Target
  
  REQUEST FOR A QUOTATION.vbs
- Size
  
  839KB
- MD5
  
  6f094459189531131843f9d75ee5a157
- SHA1
  
  a48c4f1c06732cdcdbdf3b722423436f94b3d959
- SHA256
  
  4c7f4577c469cd35c53e0a200eb26515eb998cd3ccf7bef589ee9f85f61f255f
- SHA512
  
  f3c24462b25b2b7b1acf41f921df5508d8716197b25bfe0f75fc2037e45dddd7b65c06bfcd41f1ee03e868d5e4a84662524b35072b54f7c3e499af216624bdc4
- SSDEEP
  
  3072:0iGPwfkYFEhNe4VTdRnTT8w4TWE6ox1jovvnaJDbUC4oZqs5gt5pn+og0S7wQzSM:awfkYFiO9ZqQ
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2