34760421aeab439d359bc824909299390fa0a419ab8ddfb7822a16c75d07e59f | Triage

Sharing

General

Target

qs.zip
Size

7KB
Sample

231010-s7tdjaed3x
MD5

9892238d1b644c27fb429b115da7c0c5
SHA1

a23516d7c032520a0931a24ccb56e379d195f341
SHA256

34760421aeab439d359bc824909299390fa0a419ab8ddfb7822a16c75d07e59f
SHA512

0c65b920a7f37fc0cd88bad95dbb83c42756407ba84da64427dba69da47c41f575713dd8ca3aac2aec2ba7eb820afa9a5651d181048b18b6477ea4e46c3099c9
SSDEEP

192:HUgiUtnSpDyPWVPIbsYr+fk86pnwItgOOjYsdA:H/tkmXSmpwDOO1dA

Score

8^/10

Malware Config

Targets

- Target
  
  Report-17.txt
- Size
  
  32B
- MD5
  
  0a745521c2dd7ba39156e7adafc7ce19
- SHA1
  
  d1c868f429e1bcb7b46ddd6b887fe2af362e9c7f
- SHA256
  
  dd987b5aec951a4ecd827b81061005c8a03ae92ee0300545cd1cc71abca62d9d
- SHA512
  
  624ec872e7fc0caa4d687d57a8bc4a77689e8d6d3e17072283e9f17218c5dbbb0bf9d24485b31e0a40e739b44b2e8461e91288fb30221075d87f3bd19211e6ce
Score

1^/10
behavioral1 behavioral2
- Target
  
  Report-17.vbs
- Size
  
  16KB
- MD5
  
  902d4e9234583e12da2d0078d37f5a30
- SHA1
  
  7ced5e82455bc1afc788ebf13170f76a219edea2
- SHA256
  
  5c084328ab45eb579d31c3157b0f486cbfea6ca0dfd89dda2084ace5745b9549
- SHA512
  
  8a0e61e9d3110de4aa10c63b60dd0ace4b3725915c3e20d225986f94c30bd4fe181e94bb21d2771c458b256bdea2028a24f4d6e56c012d46da6032175810c1da
- SSDEEP
  
  384:SzE0ig4KR/aQsKsWMnkf+cTPgKekvj27vmJYs:AJHsXkfNEKekvq7eJz
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4