69f7dc06b1f97d8d8f7de846cee8c0b3449f68186960a6f634b29ed8fe82ac99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a.vbs
Size

185KB
Sample

230918-v8rx7sbb9t
MD5

eed157ae3601181776595a1c3e1a4496
SHA1

5ed5df22d8c26d4e66affb93ff10137a93704d4d
SHA256

69f7dc06b1f97d8d8f7de846cee8c0b3449f68186960a6f634b29ed8fe82ac99
SHA512

6cafc647f539a26a83102d985d126714367184a83790ae1b6a8e22cd65d2999b8cfbbb092d9c859d86734297fc62937115dab10dca4e455626ebbced4ab6b486
SSDEEP

3072:1NpNpNpNpNpNqNpNpNpNpNpNNNpNpNpNpNpNiNpNpNpNpNpNPNpNpNpNpNpNrNpm:rnnnnnUnnnnnjnnnnnsnnnnnVnnnnnJY

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  a.vbs
- Size
  
  185KB
- MD5
  
  eed157ae3601181776595a1c3e1a4496
- SHA1
  
  5ed5df22d8c26d4e66affb93ff10137a93704d4d
- SHA256
  
  69f7dc06b1f97d8d8f7de846cee8c0b3449f68186960a6f634b29ed8fe82ac99
- SHA512
  
  6cafc647f539a26a83102d985d126714367184a83790ae1b6a8e22cd65d2999b8cfbbb092d9c859d86734297fc62937115dab10dca4e455626ebbced4ab6b486
- SSDEEP
  
  3072:1NpNpNpNpNpNqNpNpNpNpNpNNNpNpNpNpNpNiNpNpNpNpNpNPNpNpNpNpNpNrNpm:rnnnnnUnnnnnjnnnnnsnnnnnVnnnnnJY
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2