278a198c13e8d5ee3da90771f8d2318801002b8cf61dcb29f651c4fa51a81d3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cartadepagovbs.vbs
Size

316KB
Sample

230710-sa2zeace6x
MD5

30e487d84ea2d991860beb0874c38d34
SHA1

789e6b79a3ec8e9c848022270ac074eaf40eeb60
SHA256

278a198c13e8d5ee3da90771f8d2318801002b8cf61dcb29f651c4fa51a81d3d
SHA512

a12cb8af098fc2c91800163fc5e9cd67937e2ff845e9cbe6c19ae2916de3cba13778c9a8740c81cb00b1a3c3ab4f2dc6d097224121ffdc3d000f86fda89a3d57
SSDEEP

1536:xIgyZccvQvgpNpaJU+ogsUJW4Wrle/PhG+/kery+bGL9oqOP5tn5j0rV0nbyPuPd:TgpNpV+og0S7BqOPT5Pn2V8

Score

8^/10

Malware Config

Targets

- Target
  
  cartadepagovbs.vbs
- Size
  
  316KB
- MD5
  
  30e487d84ea2d991860beb0874c38d34
- SHA1
  
  789e6b79a3ec8e9c848022270ac074eaf40eeb60
- SHA256
  
  278a198c13e8d5ee3da90771f8d2318801002b8cf61dcb29f651c4fa51a81d3d
- SHA512
  
  a12cb8af098fc2c91800163fc5e9cd67937e2ff845e9cbe6c19ae2916de3cba13778c9a8740c81cb00b1a3c3ab4f2dc6d097224121ffdc3d000f86fda89a3d57
- SSDEEP
  
  1536:xIgyZccvQvgpNpaJU+ogsUJW4Wrle/PhG+/kery+bGL9oqOP5tn5j0rV0nbyPuPd:TgpNpV+og0S7BqOPT5Pn2V8
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2