f6f27dd7350760c987a73ed8142bb6874a8c1d652abf9a3de20c0d6316c47b3b | Triage

Sharing

General

Target

f6f27dd7350760c987a73ed8142bb6874a8c1d652abf9a3de20c0d6316c47b3bvbs_JC.vbs
Size

168KB
Sample

230815-tpjbaabg65
MD5

1a0fa32e8a632de14603c8d0da0cccce
SHA1

e3735b6200a5cc972bb2e92b625bcf239d881628
SHA256

f6f27dd7350760c987a73ed8142bb6874a8c1d652abf9a3de20c0d6316c47b3b
SHA512

b86346b8dd06f67c98426750db985adc8a9f1226c8e21a54d116ff6a0baae276ea29aeebbcc1eaf009ed2bd013206dea7a7c80bdcb1b6552c49be35166188fa5
SSDEEP

3072:iK9F2mPpWppp2mpppppR2+pSpZOuZppWuzmxY:F

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/dstpKjTz

Targets

- Target
  
  f6f27dd7350760c987a73ed8142bb6874a8c1d652abf9a3de20c0d6316c47b3bvbs_JC.vbs
- Size
  
  168KB
- MD5
  
  1a0fa32e8a632de14603c8d0da0cccce
- SHA1
  
  e3735b6200a5cc972bb2e92b625bcf239d881628
- SHA256
  
  f6f27dd7350760c987a73ed8142bb6874a8c1d652abf9a3de20c0d6316c47b3b
- SHA512
  
  b86346b8dd06f67c98426750db985adc8a9f1226c8e21a54d116ff6a0baae276ea29aeebbcc1eaf009ed2bd013206dea7a7c80bdcb1b6552c49be35166188fa5
- SSDEEP
  
  3072:iK9F2mPpWppp2mpppppR2+pSpZOuZppWuzmxY:F
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2