daf99da0f56cf5d8b2f541ec9808af5d3b856063546f8e190411157f6d6f9c12

General

Target

VENUS GLORY and IRIS GLORY DESCRIPTION PDF.vbs
Size

302KB
Sample

231013-esbnaade7v
MD5

caaed8994f3aea3c2dcbc43da078a9c8
SHA1

08bbe9462f15c12c92db92e0afb475e1b51a14b2
SHA256

daf99da0f56cf5d8b2f541ec9808af5d3b856063546f8e190411157f6d6f9c12
SHA512

a19f67b93b114d7a1b77f655073ef8bcfb78706c59f0b68cba859d94e9630dc9d0f5acd06fbaaaa04145f51ee7f9cc37213a25e8e4a1821e5d1d4c9429978677
SSDEEP

3072:2Xkrp2U2VD8O2r212d9v9be4nnfeNkeAPMpcdW9:2Xkrp2U2VD8O2r212dVhe4nnfeNd9

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  VENUS GLORY and IRIS GLORY DESCRIPTION PDF.vbs
- Size
  
  302KB
- MD5
  
  caaed8994f3aea3c2dcbc43da078a9c8
- SHA1
  
  08bbe9462f15c12c92db92e0afb475e1b51a14b2
- SHA256
  
  daf99da0f56cf5d8b2f541ec9808af5d3b856063546f8e190411157f6d6f9c12
- SHA512
  
  a19f67b93b114d7a1b77f655073ef8bcfb78706c59f0b68cba859d94e9630dc9d0f5acd06fbaaaa04145f51ee7f9cc37213a25e8e4a1821e5d1d4c9429978677
- SSDEEP
  
  3072:2Xkrp2U2VD8O2r212d9v9be4nnfeNkeAPMpcdW9:2Xkrp2U2VD8O2r212dVhe4nnfeNd9
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2