d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15 | Triage

Sharing

General

Target

droidddxxxPayloadvbs.vbs
Size

92KB
Sample

230701-jptrxagb23
MD5

3d54b88bf2b6bcd1126ef4eb20d9e9f9
SHA1

1fe4483c54fa7da0ea4ee769a36d8717da12e0d1
SHA256

d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
SHA512

c5285a0b26d35bcfa60bf291ac924e09a6dd413ee93d4b0babfc71ce9dd34f3507bed4c7d8f704797f315d0125bd1a7eeda50ca855f1c3a16e090f2c67d960e6
SSDEEP

768:mnHGdUBDCKtfYjE3Luo4+eaWZxidnOk9p0YFPk9Wai2Y:OHGd+CKtfSo4+sxidnOk9p0YFNai2Y

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://172.174.176.153/dll/new_rump_vb.net.txt

Targets

- Target
  
  droidddxxxPayloadvbs.vbs
- Size
  
  92KB
- MD5
  
  3d54b88bf2b6bcd1126ef4eb20d9e9f9
- SHA1
  
  1fe4483c54fa7da0ea4ee769a36d8717da12e0d1
- SHA256
  
  d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
- SHA512
  
  c5285a0b26d35bcfa60bf291ac924e09a6dd413ee93d4b0babfc71ce9dd34f3507bed4c7d8f704797f315d0125bd1a7eeda50ca855f1c3a16e090f2c67d960e6
- SSDEEP
  
  768:mnHGdUBDCKtfYjE3Luo4+eaWZxidnOk9p0YFPk9Wai2Y:OHGd+CKtfSo4+sxidnOk9p0YFNai2Y
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2