General

  • Target

    lnvoice #72993 pdf.vbs

  • Size

    8KB

  • Sample

    230816-q1vlxada5s

  • MD5

    267ec14523d9fda264f9fbee934eebe0

  • SHA1

    e19bfb59009da3d192f024222070e01a9a1bb258

  • SHA256

    19a3ad194ce6897b529e09a60beb959520e5fc70930d95393d304a42a70a7119

  • SHA512

    a2d95be94aa3629e4be2341135213caf486426e36ca34fd1a89e38767ed0257f08e90bd2b694e6b3134495cde9cf746845c54141a7e4ecec2d468c34b6622652

  • SSDEEP

    24:vOOOOOOamMMM9Mk4wMUMbwMRMUMqMMMBeMZMTMoMVnnLecYMSQxH:6mKywV8V9nDW

  • Score

    8/10

Malware Config

Targets

    • Target

      lnvoice #72993 pdf.vbs

    • Blocklisted process makes network request

    • Drops startup file

    • Registers COM server for autorun

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks