7839b201945e7614f7f2d216308aaf552e6229f3ccb4453b7babc0ce63926c81

General

Target

castrrrrrrrrrrrrrrrFilevbs_JC.unknown
Size

354KB
Sample

231005-xdds7sgb92
MD5

d3b052e6d69f99af39bc63450bf1c954
SHA1

1f599f59153db4d76511bc367c7f98ca2e9f2ff1
SHA256

7839b201945e7614f7f2d216308aaf552e6229f3ccb4453b7babc0ce63926c81
SHA512

0f7e7c366bdadd7d4415d1cfa8503558705743aec2079cd1a59365281f55f3da22d16695676f992eb38e758bce8b991634a7fe1b057eb4a9f84816e1e85e9f4d
SSDEEP

3072:54hieoOY/ieopMwFwXCjw2jE8vieUyeE8vieUytelffP7FF0JSsUOeIxjc:QcOY/cpDR9+9telffP7FP

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  castrrrrrrrrrrrrrrrFilevbs_JC.unknown
- Size
  
  354KB
- MD5
  
  d3b052e6d69f99af39bc63450bf1c954
- SHA1
  
  1f599f59153db4d76511bc367c7f98ca2e9f2ff1
- SHA256
  
  7839b201945e7614f7f2d216308aaf552e6229f3ccb4453b7babc0ce63926c81
- SHA512
  
  0f7e7c366bdadd7d4415d1cfa8503558705743aec2079cd1a59365281f55f3da22d16695676f992eb38e758bce8b991634a7fe1b057eb4a9f84816e1e85e9f4d
- SSDEEP
  
  3072:54hieoOY/ieopMwFwXCjw2jE8vieUyeE8vieUytelffP7FF0JSsUOeIxjc:QcOY/cpDR9+9telffP7FP
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2