cc26e4159bcf830473349dbce636b936511cf30b8e8421534b991e7d07206829

General

Target

ERJ.vbs
Size

392KB
Sample

231002-qt4agabb5x
MD5

d207669c2526f70ffbf98de4ec4f8030
SHA1

139af174fe593c1892dda973b56690e65f6954f5
SHA256

cc26e4159bcf830473349dbce636b936511cf30b8e8421534b991e7d07206829
SHA512

8b81ad0c06deddb98807ef2ae66019459b30435145d648f71d86f647dcfc5335a8d6c52eadb231ffb483f301192990f379b53b1dae65f4326834aa95bf658738
SSDEEP

6144:Xeo5eaqbMCMAMnMLM1MBMlMOMOMeM+MbM3MnMoMnM+MkM8MTMiMGMuMNM5M+MuM0:Xy

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  ERJ.vbs
- Size
  
  392KB
- MD5
  
  d207669c2526f70ffbf98de4ec4f8030
- SHA1
  
  139af174fe593c1892dda973b56690e65f6954f5
- SHA256
  
  cc26e4159bcf830473349dbce636b936511cf30b8e8421534b991e7d07206829
- SHA512
  
  8b81ad0c06deddb98807ef2ae66019459b30435145d648f71d86f647dcfc5335a8d6c52eadb231ffb483f301192990f379b53b1dae65f4326834aa95bf658738
- SSDEEP
  
  6144:Xeo5eaqbMCMAMnMLM1MBMlMOMOMeM+MbM3MnMoMnM+MkM8MTMiMGMuMNM5M+MuM0:Xy
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2