ea995ab98439bc4ce6209707650964576c98ad11cd270351d4fbb5d0076bc40f

General

Target

EXX.vbs
Size

209KB
Sample

231009-q4n9asdb9t
MD5

5d8410c20a0349ff3b5a346180455b76
SHA1

8d1ed5a505bba5df81757273aeef0ff2df403dd7
SHA256

ea995ab98439bc4ce6209707650964576c98ad11cd270351d4fbb5d0076bc40f
SHA512

a7da8ab934ff7779eb9a713eeb9bf0d2a625a620c9c4b621cc6217b0b62b8ce189cbf7d7c92ce6a1876e0d8a030faef78215f9ddc381f377d2b960b8a5ea97f7
SSDEEP

3072:Z/////P/LeDa/////4/////FrqqHFR/////p/////T/////F2/////zA//Bg////:1SrqqHFw

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  EXX.vbs
- Size
  
  209KB
- MD5
  
  5d8410c20a0349ff3b5a346180455b76
- SHA1
  
  8d1ed5a505bba5df81757273aeef0ff2df403dd7
- SHA256
  
  ea995ab98439bc4ce6209707650964576c98ad11cd270351d4fbb5d0076bc40f
- SHA512
  
  a7da8ab934ff7779eb9a713eeb9bf0d2a625a620c9c4b621cc6217b0b62b8ce189cbf7d7c92ce6a1876e0d8a030faef78215f9ddc381f377d2b960b8a5ea97f7
- SSDEEP
  
  3072:Z/////P/LeDa/////4/////FrqqHFR/////p/////T/////F2/////zA//Bg////:1SrqqHFw
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2