ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

whatyoudowhereyouat.vbs
Size

325KB
Sample

230714-svnmhseh35
MD5

488acf579270c341ddf2616f04cd73f6
SHA1

a013ca4551c135af35d2af66ad8a6a1a14e00888
SHA256

ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78
SHA512

31051ba36949caae0293a12f8b2cbc9cbf5801293ce435208d4ca9ddaed0b78f490aa1e57c52425ea304f7442a9465104ad62b71b35c73e402a7b11c1101fbc1
SSDEEP

3072:I5n5L5XNsnn+Llpxn7sMxzakixvvspBOEeBQZxNj53e:RnkKMxzakZfNj5O

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://servidorarquivos.duckdns.org/e/e

Targets

- Target
  
  whatyoudowhereyouat.vbs
- Size
  
  325KB
- MD5
  
  488acf579270c341ddf2616f04cd73f6
- SHA1
  
  a013ca4551c135af35d2af66ad8a6a1a14e00888
- SHA256
  
  ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78
- SHA512
  
  31051ba36949caae0293a12f8b2cbc9cbf5801293ce435208d4ca9ddaed0b78f490aa1e57c52425ea304f7442a9465104ad62b71b35c73e402a7b11c1101fbc1
- SSDEEP
  
  3072:I5n5L5XNsnn+Llpxn7sMxzakixvvspBOEeBQZxNj53e:RnkKMxzakZfNj5O
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2