068536ef2ccdc4c09fe3da66f911453be231263e8180c817899dbc2872547d16

General

Target

EDF.vbs
Size

310KB
Sample

230921-qk3ycaab64
MD5

cbf05819243b31316e14ee97ea658361
SHA1

c622321a755761d7c9e9788af0adce9eaa3d18e3
SHA256

068536ef2ccdc4c09fe3da66f911453be231263e8180c817899dbc2872547d16
SHA512

66ac258f43efc76d7db466cc1377b680b88b68648e41a7abf0386a5282ee210c9ec7be6ac4dd29269627d2f13ae1710b6cde24285042fd233045f896360bb6df
SSDEEP

3072:97r/OGPcq3rX5Jcog033nHam2BWntVSbPXM4nnbaB1Hlb9WSWMyprZkXnlOhljes:9/OGPcq3rX5bu

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/614/895/original/rump_vbs.jpg?1695246171

exe.dropper

https://uploaddeimagens.com.br/images/004/614/895/original/rump_vbs.jpg?1695246171

Targets

- Target
  
  EDF.vbs
- Size
  
  310KB
- MD5
  
  cbf05819243b31316e14ee97ea658361
- SHA1
  
  c622321a755761d7c9e9788af0adce9eaa3d18e3
- SHA256
  
  068536ef2ccdc4c09fe3da66f911453be231263e8180c817899dbc2872547d16
- SHA512
  
  66ac258f43efc76d7db466cc1377b680b88b68648e41a7abf0386a5282ee210c9ec7be6ac4dd29269627d2f13ae1710b6cde24285042fd233045f896360bb6df
- SSDEEP
  
  3072:97r/OGPcq3rX5Jcog033nHam2BWntVSbPXM4nnbaB1Hlb9WSWMyprZkXnlOhljes:9/OGPcq3rX5bu
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2