26176205211fdce7ad34cf10d72f178f1646e913e368f0f5bcc325e5428a69cc | Triage

Sharing

General

Target

HWX.vbs
Size

269KB
Sample

230831-qf7qqseg9x
MD5

eff515cd80fca123c65f7ed20d7f071f
SHA1

6f7bf5b871e413f40f1c23e7953251d0fabbbf95
SHA256

26176205211fdce7ad34cf10d72f178f1646e913e368f0f5bcc325e5428a69cc
SHA512

f2959e3b6b618eca7f96b720c293fb47474440e0a65e838cd588af5078131a0c93bc76c151fd277a65e5f96e1b51d0bc4a56f657bae3a3d2ebe831017b78375e
SSDEEP

6144:t7jmLQQJm7ILm5BmZMLpRKsEAlOb4b5bdZ7ZmZ8Z7V:t7jmLQQJm7ILm5BmZMLp4sEAT

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  HWX.vbs
- Size
  
  269KB
- MD5
  
  eff515cd80fca123c65f7ed20d7f071f
- SHA1
  
  6f7bf5b871e413f40f1c23e7953251d0fabbbf95
- SHA256
  
  26176205211fdce7ad34cf10d72f178f1646e913e368f0f5bcc325e5428a69cc
- SHA512
  
  f2959e3b6b618eca7f96b720c293fb47474440e0a65e838cd588af5078131a0c93bc76c151fd277a65e5f96e1b51d0bc4a56f657bae3a3d2ebe831017b78375e
- SSDEEP
  
  6144:t7jmLQQJm7ILm5BmZMLpRKsEAlOb4b5bdZ7ZmZ8Z7V:t7jmLQQJm7ILm5BmZMLp4sEAT
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2