3e80bcf2901d022317425aad5384c41846a73916f9aa085ba171af4737d3e2de

General

Target

trustinvagina.vbs
Size

382KB
Sample

231011-nbjf8scg45
MD5

fc819b935cb6e19025ae866400ff768e
SHA1

9d32b01bbb4e17f27492aa8a1c8ae032973ef1ef
SHA256

3e80bcf2901d022317425aad5384c41846a73916f9aa085ba171af4737d3e2de
SHA512

34cb49531431583d657a83e241d30ad213af5521a51c3a607f69b33dcde4d7fcdbaf4f86fa66ad947e3db3f49ea9d3ef53275f8ed79fc9a90086789b3debadda
SSDEEP

3072:bNMYjBnq3dH90pk9ZyvnZlcTtKUIuIckqG6ZdWBRn22222e22222n2222212222C:bNRnq3dbZyvnZlcZKUIuIfqG6ZdWBRs

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  trustinvagina.vbs
- Size
  
  382KB
- MD5
  
  fc819b935cb6e19025ae866400ff768e
- SHA1
  
  9d32b01bbb4e17f27492aa8a1c8ae032973ef1ef
- SHA256
  
  3e80bcf2901d022317425aad5384c41846a73916f9aa085ba171af4737d3e2de
- SHA512
  
  34cb49531431583d657a83e241d30ad213af5521a51c3a607f69b33dcde4d7fcdbaf4f86fa66ad947e3db3f49ea9d3ef53275f8ed79fc9a90086789b3debadda
- SSDEEP
  
  3072:bNMYjBnq3dH90pk9ZyvnZlcTtKUIuIckqG6ZdWBRn22222e22222n2222212222C:bNRnq3dbZyvnZlcZKUIuIfqG6ZdWBRs
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2