b116b683c17736feafd9b3d20bb58b8e45fd2cab888145fc3891f46e38ef0f2a

General

Target

orden 77100.vbs
Size

292KB
Sample

231011-xvyjyahe87
MD5

1d804c707e82e967ce7e47519f292d49
SHA1

45571fbb7f244f8a31fa6f3faeab7fcaae3035f2
SHA256

b116b683c17736feafd9b3d20bb58b8e45fd2cab888145fc3891f46e38ef0f2a
SHA512

88174c038e82f6db6c63f15fc96fb7c00b8350f2b70d2bf8095004195cab828dd3c6cdec3fd76e1e29335c70c6d93de49f94d8177c68c0d8929419ed0df94682
SSDEEP

1536:GA4xi/NbR0k4NkOhXCcsBsrsT0sGz/razpazpNz2zLzUzTzpzqvzSzazSz3zbzTI:axi/NbCk4NkOhycsBsrsT0s0ruuw97

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  orden 77100.vbs
- Size
  
  292KB
- MD5
  
  1d804c707e82e967ce7e47519f292d49
- SHA1
  
  45571fbb7f244f8a31fa6f3faeab7fcaae3035f2
- SHA256
  
  b116b683c17736feafd9b3d20bb58b8e45fd2cab888145fc3891f46e38ef0f2a
- SHA512
  
  88174c038e82f6db6c63f15fc96fb7c00b8350f2b70d2bf8095004195cab828dd3c6cdec3fd76e1e29335c70c6d93de49f94d8177c68c0d8929419ed0df94682
- SSDEEP
  
  1536:GA4xi/NbR0k4NkOhXCcsBsrsT0sGz/razpazpNz2zLzUzTzpzqvzSzazSz3zbzTI:axi/NbCk4NkOhycsBsrsT0s0ruuw97
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2