2a7f4adcf351e75c03b1a62df7d7528d19056bd963720f953f73f05a625ef068 | Triage

Sharing

General

Target

FACTURAgzneih0__Ikb_(295).rar
Size

714B
Sample

231124-afcmlade66
MD5

9c902370a45ca5ca820b48ea61f02577
SHA1

1896a6c2e1b8c74605f6a6dec66ccac3a9556cac
SHA256

2a7f4adcf351e75c03b1a62df7d7528d19056bd963720f953f73f05a625ef068
SHA512

f4ab0d73beefed2795c5e1f6cdaa56c2666894393a7f6cfcbb0c8f4cd28934f0c2ea0caf3f81d9f47b6a49b0f5614e8fce5a2b74f0d891df69fe28d29e4ad238

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://dftssa.3utilities.com/03/17

Targets

- Target
  
  FACTURAgzneih0__Ikb_(295).PDF.vbs
- Size
  
  781B
- MD5
  
  498f2220d6962b5b49fc6c2750610a90
- SHA1
  
  06485ce9a6ba48a240c712497900a4240385ea02
- SHA256
  
  36c56e3a9202c35e76a3ed10d00650c821b6ee9e1b3834fbab5fa5047d1ee99c
- SHA512
  
  e7bd5952c327938e373811d3979c3a930d20782a9d8fc06f5f315da87f43ca02e3db86f65aaafebf63c86800df5733005f67db5a6dbf4546fd17ce4ed9649e42
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2